> Il 20 agosto 2018 alle 17.55 Ted Lemon <mel...@fugue.com> ha scritto: > > I am entirely within my rights to use DoH whether the network operator likes > it or not. It is not illegal for me to do so, and if I did so, it would not > be so that I could violate the law—it would be so that I could protect my > privacy and avoid DNS spoofing that returns forged answers, which I consider > to be a security threat, and which I am fairly certain my network operator > does. > > It is certainly true that in some cases, someone using DoH would be violating > a network operator policy that is enforceable, or would be violating the law. > But that is by no means the most common case, and it does you no credit to > pretend otherwise.
Can you substantiate this statement with data / details? Because I only know cases in which: a) ISPs filter out content on behalf of the local government due to legal requirements/court orders; b) ISPs filter out content on request by the user, e.g. for parental control; in the UK, ISPs are actually required by law to provide this service to the user, that can then decide whether to activate it or not and even what to filter out; c) ISPs filter out threats such as botnets, compromised websites distributing malware, etc - this does not entail any freedom of speech consideration and contributes to everyone's security. In many European countries network operators are selling b)+c) (see for example https://securenet.vodafone.com/ ) and people are actively buying the service, so they explicitly want this kind of filtering (and will not be able to continue getting it if their browser redirects their DNS queries somewhere else); and if you do not want it, you just don't buy it. As for a), possibly users do not want it, but it is still mandated by law. So I cannot immediately recall cases in which a network operator in Europe is filtering out things that a user wants and can lawfully access. But you mention that your network operator is spoofing the DNS and stifling your freedom of expression, so I guess it is censoring legitimate websites - this is bad, of course, but can you tell me which operator, and which websites? It would help my understanding of your use case. Finally, note that *in your country* it may be your right to use DoH to tamper with what your network operator is doing, but this may not be true in other countries. In fact, deploying any technology that circumvents security measures that network operators are required to implement by law might be illegal in itself. In the end, the DNS is a very complex policy subject (see the mess that ICANN is) with lots of stakeholders and conflicting views, and IMHO such a deep change in its architecture and "ecosystem" would require much more caution and a much broader discussion going well beyond the IETF. Regards, -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bert...@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop