Re: [DNSOP] Draft for dynamic discovery of secure resolvers

Tue, 21 Aug 2018 20:04:42 -0700 

On 08/21/2018 05:48 AM, Ted Lemon wrote:
On Tue, Aug 21, 2018 at 12:59 AM, Doug Barton <do...@dougbarton.us <mailto:do...@dougbarton.us>> wrote: 

    You, like Ted, are looking at the problem the wrong way 'round.


And this, in a nutshell, is why this discussion has gone on so long.  
  If you just caricature what the people you're conversing with say, 
then it's inevitably going to go like this:


[ Snipped a bunch of arguments I didn't make ]


This is why discussions balloon in the IETF.   So now I have the choice 
of either being silenced, or continuing to be Person A in this charade.  
  I think I've spoken my peace.   If you want to proceed with this work, 
please do not be surprised if, when the call for adoption comes, I come 
in and say "I raised substantive objections to this, which were not 
addressed, so please do not take this on as a working group item."


Ted,


While I'm not concerned about the issues you raised in your caricature, 
I feel that I have tried to engage you in your discussion of different 
security models. My understanding is that your models devolve down to 
two. Either the user configures a resolver themselves (whether it's 
DOH/DOT or not), and user doesn't configure a resolver themselves. I 
recognize the distinction you made between your models 1 and 3, and 
further recognize that it's extremely important to some people. My point 
is that *from the standpoint of a DHCP option for DOH/DOT* it's not 
relevant.



From our discussion, it seems that you're in agreement with me that if 
a user isn't configuring a resolver explicitly that they are no worse 
off with DOH/DOT than they are without it. Am I right so far?



Meanwhile, you've also voiced an opinion that the presence of a DHCP 
option implies some sort of endorsement by the IETF. I (and others) 
replied that we've never heard of this, and disagree strongly with your 
position.



So other than the fact that we disagree on the endorsement issue, what 
am I missing here?


Doug


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
























					Reply via email to