[c-nsp] rate limit dns

[Gert Doering]

Hi,

On Sun, Dec 29, 2013 at 12:10:28PM +0000, Dobbins, Roland wrote:
> On Dec 29, 2013, at 5:18 PM, Gert Doering <gert at greenie.muc.de> wrote:
> 
> > I might be a bit extreme on this, but I highly value the end-to-end communication nature of the Internet,
> 
> Again, causing users to utilize your recursors by default, plus Open DNS and Google DNS, and with an opt-out proviso for 'advanced' users, does not in any way inhibit their ability to access the Internet, while implementing such a policy materially contributes to the security of your user base.

And that is where we differ.  You find it OK to limit the protocol du jour
to "what users do not need", I do not agree to it.  Even if I agree with
you that "most users would not notice".

But then, for most users you could replace the Internet with a big
TV screen and they wouldn't notice - but that doesn't think I'll agree 
to it.

> I used to dread the day that a user would end up successfully
> suing a consumer broadband network operator due to a compromise
> which could've been avoided by implementing sensible, non-intrusive
> policies such as this one, 

in reasonable countries, ISPs are protected from charges for traffic they 
transport *unless* they start messing with it - if you start filtering 
traffic for "protocol X", but leave through the evil packets for 
"protocol Z", you're *way* more likely to be made liable for it.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20131229/f525d450/attachment.sig>