nanog mailing list archives
Re: This DNS over HTTP thing
From: "John R. Levine" <johnl () iecc com>
Date: 3 Oct 2019 11:24:38 -0400
Yes, obviously they are trying multiple levers--but who gets to draw the line, where are they going to draw it, and why do they get to decide for me? What prevents an absurd 'solution' like "We can not only stop child molestation, but rape in general if we just castrate everyone" from being one of the levers, but intentionally breaking tools like DNS is acceptible?
The same reason we don't punish littering with a firing squad. Slippery slope arguments like this are counterproductive, since you're admitting that whatever is on your end of the alleged slope isn't really that bad.
People who are determined enough will find ways to circumvent the system--something along the lines of "the internet treats policy blocks as damage and routes around it".
Everyone knows that it's easy to circumvent DNS blocks, but in practice few people do, not knowing how to do it or not wanting to. To dredge up my favorite example, why would any normal person want to circumvent blocks against malware?
Regulators are concerned about DoH not so much because the traffic is encrypted, but that it circumvents existing blocks, in Mozilla's case without the permission or knowledge of the users. If that becomes widespread, the countermeasures will be ugly.
This isn't to argue that DNS blocking is a magic bullet, but it's a tool and you're not going to persuade anyone that the DNS is so sacred that nobody can touch it. Let's save that argument for strong encryption, where it's actually true.
Regards, John Levine, johnl () taugh com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Current thread:
- Re: This DNS over HTTP thing, (continued)
- Re: This DNS over HTTP thing Ca By (Oct 02)
- RE: This DNS over HTTP thing Keith Medcalf (Oct 02)
- Re: This DNS over HTTP thing John Levine (Oct 02)
- Re: This DNS over HTTP thing Masataka Ohta (Oct 02)
- Re: This DNS over HTTP thing Tom Hill (Oct 03)
- Re: This DNS over HTTP thing Masataka Ohta (Oct 03)
- Re: This DNS over HTTP thing Tom Hill (Oct 03)
- Re: This DNS over HTTP thing Masataka Ohta (Oct 03)
- Re: This DNS over HTTP thing Tom Hill (Oct 03)
- Re: This DNS over HTTP thing Aaron C. de Bruyn via NANOG (Oct 02)
- Re: This DNS over HTTP thing John R. Levine (Oct 03)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 02)
- Re: This DNS over HTTP thing Niels Bakker (Oct 02)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 02)
- RE: This DNS over HTTP thing Keith Medcalf (Oct 02)
- Re: This DNS over HTTP thing Niels Bakker (Oct 03)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 03)