nanog mailing list archives

Re: This DNS over HTTP thing


From: "John R. Levine" <johnl () iecc com>
Date: 3 Oct 2019 11:24:38 -0400

Yes, obviously they are trying multiple levers--but who gets to draw the
line, where are they going to draw it, and why do they get to decide for me?
What prevents an absurd 'solution' like "We can not only stop child
molestation, but rape in general if we just castrate everyone" from being
one of the levers, but intentionally breaking tools like DNS is acceptable?

The same reason we don't punish littering with a firing squad. Slippery slope arguments like this are counterproductive, since you're admitting that whatever is on your end of the alleged slope isn't really that bad.

People who are determined enough will find ways to circumvent the
system--something along the lines of "the internet treats policy blocks as
damage and routes around it".

Everyone knows that it's easy to circumvent DNS blocks, but in practice few people do, not knowing how to do it or not wanting to. To dredge up my favorite example, why would any normal person want to circumvent blocks against malware?

Regulators are concerned about DoH not so much because the traffic is encrypted, but that it circumvents existing blocks, in Mozilla's case without the permission or knowledge of the users. If that becomes widespread, the countermeasures will be ugly.

This isn't to argue that DNS blocking is a magic bullet, but it's a tool and you're not going to persuade anyone that the DNS is so sacred that nobody can touch it. Let's save that argument for strong encryption, where it's actually true.

Regards,
John Levine, johnl () taugh com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly