On 12/03/2019 21:11, Paul Vixie wrote:
> he's trying to achieve a political aim using technology.

Ok, now I think I understand and am pretty sure I disagree with you there.

There are reasons to want confidentiality for DNS queries and answers, and access patterns, for which the IETF has achieved consensus. (See RFC7626) (*)

DoT is one way to tackle those problems. DoH is another.

I think an argument that DoH is "just politics" and is not aiming to try to provide a security/privacy mechanism to tackle a problem on which the IETF has consensus falls on that basis myself.

I fully agree that there are potential DoH deployments that could have side-effects (more than DoT) that warrant more discussion, but I figure your arguments along the above lines are misdirected.

Cheers,
S.

(*) Ironically, one of the arguments against DoH raised in this discussion is that it would expose that kind of information from split-horizon deployments, so it seems that even those concerned about DoH accept the problem statement, which is helpful.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop