On Wed, 21 Dec 2016, sth...@nethelp.no wrote:

Since operator participation was mentioned,

<op hat on>

this draft actively destroys trust in the DNS, which reduces trust in the
Internet overall.

No, this draft simply specifies what operators are already doing. Not
because they are intent on destroying trust in the DNS or the Internet,
but because they are forced to do this by governments, they need to
protect their own network, they would like to protect their customers,
and lots of other reasons.

There are two things you mixed together:

1) industry-based filtering of DNS - a commercial opt-in service offering

2) government-mandated filtering of DNS - a misguided breakage of
   protocol forced upon operators.

And 1) should not need to break DNSSEC. IETF should come up with a
better solution for signaling a DNS lookup might be unhealthy for
the end user.

For 2) if it breaks DNSSEC, that is fine. Governments will learn that
ISPs are not the right tools for censorship, and end nodes will simply
bypass the ISP DNS resolver.

It's possible that the ball will be dropped on this one like it was for
NAT. That would be stupid, IMHO.

The NAT example is as much overused by those in favour and against it.
It has no relation to this issue whatsoever.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
