[dns-operations] Bad ISPs, DoH and user choice (was Re: Can Root DNS server modify the response?)

David Conrad drc at virtualized.org
Sat Mar 30 17:12:59 UTC 2019


Vittorio,

In general, I try to avoid the DoH “discussions" as to date, they have tended to be full of hyperbole and rhetoric with relatively few facts, building strawmen and then arguing how those strawmen will do bad things. For example:

> So, I totally agree that users should choose freely and have the final word - that's actually the topmost recommendation in the Internet draft I submitted. I do not agree that what Mozilla is doing puts users in charge; in fact, it does the opposite.

What Mozilla has publicly stated they are doing (see https://mailarchive.ietf.org/arch/browse/doh/?gbt=1&index=HPTOUtziIYe_PFuawExeetkSjVg):

    [...]
    2. The user will be informed that we have enabled use of a TRR and
    have the opportunity to turn it off at that time, but will not be
    required to opt-in to get DoH with a TRR.

    3. Any given client will automatically select a resolver out of that
    set and use that for all resolutions [with the two exceptions noted
    below.]

    4. At any time, the user will have the option to select a
    different resolver out of the list, specify their own resolver, or
    disable DoH entirely.
    [...]
This does not appear to me to be “the opposite” of putting the users in charge as you accuse. Of course, it is entirely possible that Mozilla are lying. I guess we’ll see.

Regards,
-drc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190330/c17a9413/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190330/c17a9413/attachment.sig>


More information about the dns-operations mailing list