[dns-operations] DNS-over-TLS in public resolvers

Phillip Hallam-Baker phill at hallambaker.com
Tue Mar 7 13:41:27 UTC 2017

You said that maybe if I was nicer, the group would have accepted my points.

I said that maybe if people like you thought about how you present your
case you would realize that it is vastly more counterproductive.

I am not the one asking the favor here. The WG group is.

The burden of nice is on the WG. It is for the WG to humbly and
respectfully persuade the stakeholders to deploy. Not the other way round.
You are the people asking various parties to make changes to their
technical infrastructure that are likely to be costing them in the millions
of dollars in some cases.

The attitude of the WG has from the start been to regard every operational
concern raised as being troublemaking and unhelpful. And that is itself a


We don't even know what the real showstopper issues are at Google or the
other large public DNS. I can guess from my experience but I have no direct
knowledge. They don't come here and say what they are.

This attitude that the people raising issues are the problem rather than
the people who refuse to listen has to change. Because until it changes,
the WG is going to continue to produce work that is ignored.

You can get as angry as you like. But if you refuse to address my issues, I
will refuse to put any effort into deploying your spec.

Very few of the senior people I interact with at Google or Microsoft or the
like have direct authority over the business groups that need to make a
change. Some are in a position where they report to a person who can sign
off on a project to just spend a couple of million on a project like this
to improve security. But signing the check is the easy part for them. If
there are technical issues raised, whether legitimate or not, the mandate
is just going to stall and nothing will happen.

On Tue, Mar 7, 2017 at 3:12 AM, Thomas Steen Rasmussen <thomas at gibfest.dk>

> On 03/06/2017 05:47 PM, Phillip Hallam-Baker wrote:
>> Now you might think that given that I work for a company that has one of
>> the public resolvers you would like to see change and you are the person
>> asking me for the favor, that maybe you might want to take your own advice.
>>
>> Like Tweetler, you are very good at seeing how other people are being
>> nasty and mean to you but utterly incapable of seeing what you are doing to
>> them. Being gaslighted by Paul does not make me at all inclined to accept
>> his position.
>
> I had to sleep on this because I was too angry after this to write a
> level-headed response yesterday. Here goes:
>
> I have NO clue who you are, where you work, and I really do not care. I
> also don't know who Tweetler is. Clearly I've stepped in the middle of some
> unresolved issues for you here.
>
> You also seem to be under the delusion that because you (apparently) run a
> large resolver that your opinion of DNS-over-TLS makes or breaks this
> proposal - as in: if you don't implement it, no-one will. You need to get
> off of whatever high horse you are on, the thin air up there clearly isn't
> doing you any good.
>
> I also never asked you for any favours and I am highly unlikely to do so
> in the future, since I am entirely done talking to you :)
>
> /Thomas