Re: DNSSEC and ISPs faking DNS responses

[Owen DeLong <owen () delong com>]

> On Nov 14, 2015, at 03:11 , Roland Dobbins <rdobbins () arbor net> wrote:
>
> On 14 Nov 2015, at 16:05, Owen DeLong wrote:
>
> > Lots of VPN services out there like the ones mentioned earlier in the thread have made it nearly as simple to 
> > install and operate a VPN.
>
> Until the setup and functionality are automagic, we're not going to see broad use of VPNs by non-specialists.

The point you seem to be missing is that your “until…” is already met.

I know of at least one ISP that is providing CPE with VPN pre-configured and built in.

I know of several other software/service solutions that are literally download-launch-subscribe. (download client 
software, launch installer, supply payment information for subscription).

> VPN functionality is built into pretty much every mainstream (and many non-mainstream) OS out there, including mobile 
> devices.  But it isn't something that's simple; users have to at a minimum install and accept a VPN profile, which 
> means they have to go looking for a service in the first place.

You’re not looking at the right VPN software. The built-in stuff is crap that is years behind the current state of the 
art.

> I'm wondering if perhaps major OS vendors/developers may start offering/OEMing VPN services, or at least distributing 
> profiles in the same way as browser vendors/developers distribute CA certs?

More likely this is going to be iterations of what is already being more widely accepted. Downloadable pre-configured 
client software that works with a particular VPN service.

Point-click-subscribe model seems to receive fairly wide adoption among people sufficiently interested in bypassing 
{insert network damage here} to pay a monthly fee for a service that will do it.

I think the going rate is something like $5/month for US VPNs last time I looked.

Owen