BTW, I am reading the draft Tiru et al just posted on DPRIVE about this issue to see if we have any comments.

> 4) I am using my work laptop on the enterprise network, and using application-X

This could be an internal application or on the Internet. Enterprises have connections to:

- Internal LAN / WAN clients
- "Cloud" (much as I dislike the term) applications
- Business partners
- The Internet

Companies also (validly, in my opinion) wish to know if their employees are going to fantasyfootballgame.com while they are supposedly doing work and of course, other sites which people should not be going to during work time. If I am paying someone, I expect them to do work that I wish them to do.

The cloud example gets quite a bit more complex with some architectures some companies are proposing where there will be a complicated topology on premises. Let me check with the enterprise who told me about this & I will see if I can post the diagram or an explanation of what is planned.

This is a complex problem.

Thank you for your thoughtful consideration of the issues. Please let me know if my explanation makes the requirements any clearer.

Nalini

On Mon, Mar 11, 2019 at 9:44 AM Christian Huitema <huit...@huitema.net> wrote:

>
> On 3/10/2019 8:25 PM, nalini elkins wrote:
>
> > Similarly, putting DNS in user space allows for immediate adoption
> > of DNSSEC and privacy enhancements, even when the operating system or
> > the local network does not support them
> >
> > At enterprises (banks, insurance, etc) on their internal networks,
> > people run their own DNS servers which may resolve for both internal
> > and external sites.
> >
> > We were recently talking to a Fortune 50 company in the United States
> > about what might happen if you install a version of the browser which
> > uses DNS-over-HTTPS automatically. (Clearly, this applies to any
> > variant.)
> >
> > The questions that the Fortune 50 company architect asked were
> > something like this:
> >
> > 1. You mean that DNS could be resolved outside my enterprise?
> >
> > 2. So whoever that is that resolves my DNS sees the pattern and
> > frequency of what sites my company goes to?
> >
> > 3. How do I change this?
>
>
> There are a bunch of conflicting requirements here, and it would be good
> to tease out the contradictions. Consider the following cases:
>
> 1) I am using my phone, and using application-X.
>
> 2) I am at home, using application-X on my home computer.
>
> 3) I am using Wi-Fi in a hotel, and using application-X.
>
> 4) I am using my work laptop on the enterprise network, and using
> application-X
>
> 5) I am using my work laptop in a hotel, and using application-X
>
> 6) I am using my work laptop on the network of a customer, and using
> application-X.
>
> Today, plenty of people claim the right to control how I use the DNS: my
> phone carrier, my ISP at home, the company that got the contract to
> manage the hotel's Wi-Fi, the IT manager for my company's laptop, the IT
> manager for the company that I am visiting. Out of those, there is just
> one scenario for which the claim has some legitimacy: if the company
> pays for my laptop and owns the laptop, yes of course it has a legitimate
> claim to control how I am using it. Otherwise, I, the user, get to
> decide. If I like the application's setting better than the network's
> default, then of course I expect those settings to stick.
>
> -- Christian Huitema
>

-- 
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop