In your letter dated 10 Jan 2023 16:25:14 -0500 you wrote:
>I'm with Paul here. If you don't like the way my resolver works, use
>another one.
>
>Experience also tells us that if you give users knobs like this, they
>will use them even when (especially when) they have no idea what they
>are doing. "Someone said DoH pointing to this site in Russia is
>super secure!"

I get the impression that you think this draft introduces knobs that don't exist at the moment.

At the moment it is only a few clicks in Firefox to configure a custom resolver. On most operating systems with a GUI (including phones), it is only a few clicks to configure a custom DNS resolver. And many systems allow direct editing of /etc/resolv.conf to specify DNS resolvers.

There have been cases in countries with censorship where people were teaching each other how to select a public resolver to bypass simple DNS-based censorship techniques.

I don't understand how creating a protocol where such a policy can be expressed makes a big difference when users are already routinely selecting DNS resolvers by hand.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop