On 7/15/19 10:54 AM, Andrew M. Hettinger wrote:

> Arguably there's actually a decrease in security over DoT as, rather
> than your network provider being the one who knows what DNS lookups
> you're doing, now some third party with whom you have no relationship.

You, as a lone user, have zero leverage with your network provider. Firefox or Chrome or Safari (etc.), as the user agent for millions of people, can exercise more leverage and also enter into contractual agreements with trusted recursive resolvers. That seems like a promising avenue to explore.

> Let's be clear, "some third party" is pronounced "Cloudflare." This
> isn't to bash on Cloudflare, but everyone's DNS traffic going to ONE
> company?

Mozilla's intent is to deploy a set of trusted recursive resolvers, as Ekr explained back in March on the DoH list:

https://mailarchive.ietf.org/arch/msg/doh/po6GCAJ52BAKuyL-dZiU91v6hLw

But these topics might be more appropriate for the ADD list...

Peter