On Tuesday, 12 March 2019 18:56:05 UTC Christian Huitema wrote:
> On 3/12/2019 11:35 AM, Paul Vixie wrote:
> > if someone is concerned that some of the web sites
> > reachable through some CDN are dangerous...
>
> Paul, who is this someone?

a network operator.

> How do they decide? What does dangerous mean?

that's a local policy matter, not subject to standardization, thus off-topic here.

> These questions are very much behind the tension we see today. And the
> answers are not as black and white as "this is my network, I get to decide".

if it is my network, i get to decide. that's what i told spammers when i started the first anti-spam company (MAPS) and co-invented the first distributed reputation protocol (RBL), 23 years ago. it remains true today. my network, my rules. don't like my rules? use a different network.

> For example, users routinely delegate the filtering decision to some
> kind of security software running on their device, often with support
> from some cloud based service. They are making an explicit decision, and
> often use menu options to decide what type of site is OK or not --
> adults would probably not subscribe to parental control services. There
> is a market for these products, they compete based on reputation, ease
> of use, etc.
>
> You are saying that whoever happens to control part of the network path
> is entitled to override the user choices and impose their own. Really?

no. not really. not at all. because, as before, you are claiming to restate my position, but doing so erroneously.

> As Stephane wrote, that may be legit in some circumstances, but much
> more questionable in others, such as a hotel Wi-Fi attempting to decide
> what sites I could or could not access. It really is a tussle.

i don't like the chinese government's rules for the great firewall. so, i keep my visits to that otherwise-great country short. this hurts me, and maybe hurts them also. but, it's their country, and i will obey their laws when i am using their network. and then i'll vote with my feet, to get to a better network with better rules. i once traveled to HK for a weekend between two week-long conferences behind the GFW, just so i could get work done.

if you visit my home or office, you will either use my offered RDNS, or you will use an authorized VPN. so, beware. those are the rules. if you want different rules, use a different network.

vixie