On Tue, 25 Jul 2017, Paul Vixie wrote:

users believe that the recursive name server operator has aligned interests, and for that reason one shouldn't say "it's easy to bypass" but rather "end-user cooperation is required."

So if 8.8.8.8 and your local ISP's nameserver do this to track you, what
choice does an average end user have?

this is about CDN. as in, how to decide which address record set to give
a dns client, given that all you know is the recursive server address,
yet you're trying to implement policy for an expected tcp session that
might immediately follow.

This draft, unlike ECS, is about pinning individual users and tracking
them. You saying this is needed for an optimized CDN based TCP stream
is not fairly covering the use case of gathering PII.

        Because this option transmits information that is meant to identify
        specific clients

You should really have said "This draft attempts to link the DNS query
to the individual TCP stream following to identify the specific user,
to then apply specific filtering/censoring/protecting policies to the
identified individual users (eg children, dissidents) for their own
good".

If you just wanted CDN optimization, the ISP recursive server could
simply use ECS.

Paul
