[afnog] Trusted Recursive Resolver (DoH)

Tue Apr 2 16:49:07 UTC 2019

hello SM
i'll comment inline

Le mar. 2 avr. 2019 à 17:26, S. Moonesamy <sm+af at afrinic.net> a écrit :

> Dear Serge,
> At 01:21 AM 02-04-2019, Iyedi Goma wrote:
> >i m very glad to reed your email , in wich i have a specific interest;
>
> Thank you for the interest in the topic.  I'll comment inline.
>
> >in this specific case the questions could be if is good or bad in
> >the situation where you don't trust your ISP , yes using remote
> >resolution  could be good
>
> In my opinion, that is a good question.
>
> >2-DNS is an application level service no more in network layer
> >  the question may be if is good or bad, one of the mojor argument
> > of those who promoted DoH like mozilla they strongly think that the
> > application provider is smarter than the user, and is honest but we
> > can raise the point where application is smarter than the user and
> > is dishonest ...
> >it will be bad if the remote DoH server provided by the application
> >maker fails , if the application maker's interests and the user's
> >interests are in conflit or opposite
>
> I haven't had time to follow how Mozilla is promoting DoH in or
> outside the region.   As you mentioned, the interests of the
> application provider could be in conflict with the interests of the user.
>
> >3- if the DOH as default this will mean each application maker can
> >hardwire their own remote resolver
> >
> >**** this will concentrate more power to browser makers like apple,
> >mozilla, google,microsoft they will have 90% of market control ,90%
> >of world's web traffic and resolution, and they are all in the same
> >country and juridiction, you can easlily imagine how the new world
> >will became ?
>
> This is not directly related to the above.  There is an academic
> paper which mentioned that there was "a considerable degree of
> consolidation within the DNS space between November 2011 and May 2017".
>
> >my last point is about performance and the cost
> >i'm not an expert on mesure, but people need to think about the
> >impact on this pushing dns trafic via http will rise trafic on
> >network, it may seems no thing according to some perpective but when
> >you have thousand of users sending queries by https the volume of
> >ISP traffic will increase,
> >we know that 70% of Internet users in Africa use mobile (gsm) whith
> >the model of payement based on volume use, more data you use more
> >you paye, i don't have any statistique on this but surely this will
> >cost some thing.
>
> There are some statistics at
>
> https://www.itu.int/en/ITU-D/Statistics/Documents/statistics/2018/Mobile_cellular_2000-2017_Dec2018.xls
>
>
tks for the link i will find time to analyze

> >all this debate is about havening appropriate policies, and them
> >the  question is if you trust you ISP,  if you trust your regulator
> policies?
>
> Yes.
>
> >we are at the point of dilemma on who should  chooses ours
> >resolvers? the user, the isp? the browser? and who should be
> >entitled to apply does policies the government,the resolver??....
>
> There are various forums in which those matters are discussed.  Some
> of them are at the national level.
>


yes like IGF, which can be a nice plateforme to exchange, once again this
may need a good debate
in our region we have several IGF process it will be good that those items
feets with the local realities and the follow up after the event


tks

>
> Regards,
> S. Moonesamy
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20190402/1b64a470/attachment.html>