On Tue, 25 Jul 2017, Paul Vixie wrote:
> users believe that the recursive name server operator has aligned interests, and for that reason one shouldn't say "it's easy to bypass" but rather "end-user cooperation is required."
So if 8.8.8.8 and your local ISP's nameserver do this to track you, what choice does an average end user have?
> this is about CDN. as in, how to decide which address record set to give a dns client, given that all you know is the recursive server address, yet you're trying to implement policy for an expected tcp session that might immediately follow.
This draft, unlike ECS, is about pinning individual users and tracking them. You saying this is needed for an optimized CDN-based TCP stream is not fairly covering the use case of gathering PII. Because this option transmits information that is meant to identify specific clients, you should really have said "This draft attempts to link the DNS query to the individual TCP stream following to identify the specific user, to then apply specific filtering/censoring/protecting policies to the identified individual users (e.g. children, dissidents) for their own good".

If you just wanted CDN optimization, the ISP recursive server could simply use ECS.

Paul