On 03/05/2014 01:27 PM, Francis Dupont wrote:
> 
> Personally I don't like the idea of DNS encryption but because I
> don't want to give a reason to ISPs to filter port 53.
>

This is something I worry about too. If we consider the resolver itself
out of scope, and only protect the wire, all the more reasons for ISPs
to try and force you to use theirs (perhaps even after some friendly
coercion from the nearest three-letter agency (four in the netherlands
as well)). In which case we'd need even better channel encryption, to
the point where you can't tell it's DNS, so it can be tunneled out of
the network (and that is an avenue only reserved for us geeks, I wager).

Jelte

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to