On 20/03/2019 03:17, Brian Dickson wrote: > On Tue, Mar 19, 2019 at 6:42 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> > wrote: > >> >> Hiya, >> >> One individualistic data point on this sub-topic, and a real point: >> >> On 20/03/2019 01:13, Jared Mauch wrote: >>> My impression is there are people who will not be satisfied until all >> traffic looks >>> identical and you have zero way to protect your home, >> >> I do not claim that everyone ought do the same, but I absolutely >> do claim that encouraging voluntary policy adherence by dealing >> with the people using the n/w is preferable to many egregiously >> invasive attempts to force technical policy enforcement on >> unwilling serf-like users. >> > > So, this is the problem:
There's only one problem? Great! :-) > - If a network operator has any policy that is enforceable, ONLY the > technical policy enforcement model scales. My mail was about my policy for my home network and explicitly said that I do not claim that policy ought be followed by all home networks, never mind other kinds of network. Your argument about scale is not therefore relevant. (At least, not unless you want to give up all argument along the lines of "consider the children.") My policy, for my network, is as defensible as many others. And that isn't peculiar to home networks. > - In such an environment, there are only, ever, "willing users", because, > in order to use the network, they are required to agree to the policies. Wrong. In my home network, my children and their friends have no real choice to not use the network until they are relatively economically independent. (And in earlier days, they could not have given informed consent in any case, being too young.) In work environments what you say is also not completely correct, at least in some EU locales, where employees retain rights of various kinds whilst at work using an employer-provided n/w. We don't need to argue the rights and wrongs of that, it just is. > This makes the argument you have above, a vacuously defined one. Surprising as it may be I disagree that my argument is vacuous:-) > You want to encourage voluntary policy adherence for a non-existent set of > otherwise unwilling users. > > I understand your position: you would prefer that {some,all} networks were > not employing policies that {you,some people} disagree with. Ah. You apparently don't understand my non-vacuous argument. I guess that's better than the opposite:-) Once more: my policy for my network is defensible but is not one I claim ought be followed by everyone. And the same applies for all of the more intrusive policies being espoused here by those with concerns about DoH. That doesn't mean those concerns are vacuous or otherwise to be ignored, but does mean that claims as to such-and-such a policy being a necessity are not valid. Only one counter-example is needed to demonstrate that, and I've provided one (that is real, not invented). S. > I sympathize, but I disagree. What we need are mechanisms that scale. > My position (personally) is that we find ways to have scalable, technical > mechanisms. > They should allow users (or machine administrators) to be as compliant as > they are willing, and no more. > They should allow networks to enforce their policies, while treading as > lightly as possible. > It should be possible to use technical means to handle this negotiation > with little to no user input required. > The analogy is roughly that of escalation-of-force in law enforcement, > starting at a level of "polite requests". > > You can disagree, but I implore you: please don't stand in the way of those > wanting to find consensus on scalable, flexible, technical solutions that > encompass a wide range of network policies and enforcement needs. > > The main point is, I believe the end result will be mechanisms that allow > you to deploy networks that meet your needs, and software that you can > configure to bypass such controls, but that neither of those should ever be > the default configurations. > > If the results allow you to do what you want/need, and also allow others to > do what they want/need, everyone should be happy enough with the result. > > Can we at least agree on this as a desired goal for this work? > > Brian > > > _______________________________________________ > Doh mailing list > d...@ietf.org > https://www.ietf.org/mailman/listinfo/doh >
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop