[dns-operations] need ideas for selective proxying to defeat the economic poison pill built into DOH

m3047 m3047 at m3047.net
Thu May 16 19:29:29 UTC 2019

Time for threat actor modeling?

1) Who is "they"?
2) What is their "network"?

I suspect that "their network" is networks that they don't own, accessed 
with devices they don't understand.

Example 1: An expensive smartphone subsidized by their mobile provider, 
accessing wifi in a coffeeshop. Either they are utilizing the coffeeshop's 
wifi to avoid consuming their data plan, or the mobile operator is 
preferentially doing so as part of its own cost shifting effort.

Example 2: A laptop accessing wifi in a coffeeshop. They could use a VPN 
(many do), but they're not.

On Thu, 16 May 2019, Paul Vixie wrote:
> On Thursday, 16 May 2019 06:47:08 UTC Mukund Sivaraman wrote:
>> The goal of supporters of DoH is to make interference impossible to
>> perform.
> their ignorance of private network security policy, and arrogance toward
> anyone whose network does not look like theirs, is thus made evident. 
> [...]


Fred Morris

More information about the dns-operations mailing list