william manning wrote on 2019-04-05 09:43:
Every now and then, Paul Vixie and I are in complete harmony.
i am in no way concerned about that.
In my
current slot, we are one of thousands of entities that are being held
accountable to a series of regulatory requirements that have significan
On Fri, Apr 5, 2019 at 9:45 AM william manning
wrote:
>
> Every now and then, Paul Vixie and I are in complete harmony. In my current
> slot, we are one of thousands of entities that are being held accountable to
> a series of regulatory requirements that have significant fiscal impacts on
> t
Every now and then, Paul Vixie and I are in complete harmony. In my
current slot, we are one of thousands of entities that are being held
accountable to a series of regulatory requirements that have significant
fiscal impacts on the exfiltration of private/patient data. We are
starting to focus o
> On 13 Mar 2019, at 3:02 am, Jim Reid wrote:
>
>
>
>> On 12 Mar 2019, at 15:49, Stephane Bortzmeyer wrote:
>>
>> the case of a commercial
>> Internet access provider is clear in the other direction: a client is
>> not an employee, and is entitled to a free, open and neutral Internet
>> acc
On 3/12/2019 9:02 AM, Jim Reid wrote:
>
>> On 12 Mar 2019, at 15:49, Stephane Bortzmeyer wrote:
>>
>> the case of a commercial
>> Internet access provider is clear in the other direction: a client is
>> not an employee, and is entitled to a free, open and neutral Internet
>> access.
> Stephane, t
> On 12 Mar 2019, at 15:49, Stephane Bortzmeyer wrote:
>
> the case of a commercial
> Internet access provider is clear in the other direction: a client is
> not an employee, and is entitled to a free, open and neutral Internet
> access.
Stephane, that’s simply not true. A client of an Interne
On Sun, Mar 10, 2019 at 11:17:43PM -0700,
Paul Vixie wrote
a message of 36 lines which said:
> > You claim the right to impose your rules, because it is "your network".
> > Yet you have to define ownership.
> my network, my rules. your provider's network, their rules.
I clearly disagree. If
On Sun, Mar 10, 2019 at 10:24:56PM -0700,
Paul Vixie wrote
a message of 82 lines which said:
> set up a war between end users and network operators,
Well, the tussle already exists. It does not depend on whether you
like it or not, on whether the IETF approves it or not. When people
have diff
Please see inline [TR]
From: dns-privacy On Behalf Of Neil Cook
Sent: Tuesday, March 12, 2019 5:14 PM
To: Konda, Tirumaleswar Reddy
Cc: d...@ietf.org; Vittorio Bertola
; dnsop@ietf.org; Paul
Vixie ; Christian Huitema ; nalini
elkins ; dns-priv...@ietf.org; Ackermann, Michael
; Stephen Farrel
>> ISTM that it is quite possible that enterprises that deploy their own DoH
>> services could potentially reduce such leakage and gain overall. (I'm
>> assuming here that sensible browser-makers will end up providing
>> something that works for browsers running in networks with split-horizon
>> se
> -Original Message-
> From: Stephen Farrell
> Sent: Tuesday, March 12, 2019 5:30 AM
> To: Paul Vixie ; d...@ietf.org
> Cc: nalini elkins ; Konda, Tirumaleswar Reddy
> ; dnsop@ietf.org; Ackermann,
> Michael ; Christian Huitema
> ; dns-priv...@ietf.org; Vittorio Bertola
>
> Subject: Re: [d
On 12/03/2019 01:54, nalini elkins wrote:
> Stephen,
>
>> TLS1.3 will, I expect, noticeably improve security for an awful lot of
>> enterprises in time.
>
> I am sure you are right.
Great.
> There is also likely to be quite a bit of pain
> ahead for many.
I don't agree at all about that, d
Stephen,
> TLS1.3 will, I expect, noticeably improve security for an awful lot of
> enterprises in time.
I am sure you are right. There is also likely to be quite a bit of pain
ahead for many. Also, this is exactly why I propose a neutral observer
who might tease out the nuances. Or say someth
(This distribution list is too scattered and diverse. Be
great if some AD or someone just picked one list for this.
In the meantime...)
On 11/03/2019 20:43, nalini elkins wrote:
> impact assessment that certain changes such as
> DoH and TLS1.3 will have on enterprises,
TLS1.3 will, I expect, no
(Apologies for top-replying)
I think, from squinting at this a bit, that what is missing is some kind of
policy/service discovery, and coming to some kind of agreement (between
DNSOP and DOH, and any/all other interested parties) on what default
behavior should be (and under what conditions/circum
>i wonder if everyone here knows that TLS 1.3 and encrypted headers is
>going to push a SOCKS agenda onto enterprises that had not previously
>needed one
I have, ahem, some familiarity with the enterprises and TLS1.3 issue.
(These past few years have aged me terribly!) I frankly feel that we have
nalini elkins wrote on 2019-03-11 10:26:
Tiru,
Thanks for your comments.
> Enterprise networks are already able to block DoH services,
i wonder if everyone here knows that TLS 1.3 and encrypted headers is
going to push a SOCKS agenda onto enterprises that had not previously
needed one, an
Tiru,
Thanks for your comments.
> Enterprise networks are already able to block DoH services,
We are also concerned about getting threat intelligence so that would
impact DoH on the Internet. We are also concerned about being able to
block malware, etc. inside the enterprise.
Thank you for do
Please see inline [TR]
From: dns-privacy On Behalf Of nalini elkins
Sent: Monday, March 11, 2019 11:05 AM
To: Paul Vixie
Cc: Stephen Farrell ; d...@ietf.org; dnsop@ietf.org;
Christian Huitema ; dns-priv...@ietf.org; Vittorio Bertola
; Ackermann, Michael
Subject: Re: [dns-privacy] [DNSOP] New
Christian Huitema wrote on 2019-03-10 23:05:
On 3/10/2019 10:24 PM, Paul Vixie wrote:
if you are using my network, then it makes no difference which of us
bought you that laptop. you will use the RDNS i allow you to use. RDNS
is part of the control plane, and i use it for both monitoring and
On 3/10/2019 10:24 PM, Paul Vixie wrote:
> if you are using my network, then it makes no difference which of us
> bought you that laptop. you will use the RDNS i allow you to use. RDNS
> is part of the control plane, and i use it for both monitoring and
> control. sometimes that's so that i can se
Paul,
> (yes, i will be part of a major new project to identify and block all DoH
> services, so
> that behavioural security policies can still work, because you may have
> noticed that the internet has never become MORE secure from new tech,
> but it occasionally becomes LESS secure more slowly bec
Christian Huitema wrote on 2019-03-10 21:14:
There are a bunch of conflicting requirements here, and it would be good
to tease out the contradictions. Consider the following cases:
1) I am using my phone, and using application-X.
2) I am at home, using application-X on my home computer.
BTW, I am reading the draft Tiru et al just posted on DPRIVE about this
issue to see if we have any comments.
> 4) I am using my work laptop on the enterprise network, and
> using application-X
This could be an internal application or on the Internet.
Enterprises have connections to:
- Internal L
On 3/10/2019 8:25 PM, nalini elkins wrote:
> > Similarly, putting DNS in user space allows for immediate adoption
> of DNSSEC and privacy enhancements, even when the operating system or
> the local network does not support them
>
> At enterprises (banks, insurance, etc) on their internal networ
> Similarly, putting DNS in user space allows for immediate adoption of
> DNSSEC and privacy enhancements, even when the operating system or the
> local network does not support them
At enterprises (banks, insurance, etc) on their internal networks, people
run their own DNS servers which may resolve