[185860] in North American Network Operators' Group
Re: DNSSEC and ISPs faking DNS responses
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Nov 14 19:49:15 2015
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <B555B3D4-CF2F-4A1B-B708-CECC9A7285E4@arbor.net>
Date: Sat, 14 Nov 2015 16:46:04 -0800
To: Roland Dobbins <rdobbins@arbor.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> On Nov 14, 2015, at 04:34 , Roland Dobbins <rdobbins@arbor.net> wrote:
>=20
> On 14 Nov 2015, at 19:07, Owen DeLong wrote:
>=20
>> The point you seem to be missing is that your =E2=80=9Cuntil=E2=80=A6=E2=
=80=9D is already met.
>=20
> Not AFAICT. It isn't a default in the OS and on the window =
manager/home screen.
>=20
>> I know of at least one ISP that is providing CPE with VPN =
pre-configured and built in.
>=20
> That makes one.
>=20
>> I know of several other software/service solutions that are literally =
download-launch-subscribe. (download client software, launch installer, =
supply payment information for subscription).
>=20
> The 'download' part is the main barrier to entry.
Trust me, this is not a significant barrier to entry. If it were, Chrome =
would be virtually unused except on Droid.
>=20
>> You=E2=80=99re not looking at the right VPN software.
>=20
> I look at VPN software all the time, from many providers.
>=20
>> The built-in stuff is crap that is years behind the current state of =
the art.
>=20
> My point is that it's in the OS.
Who cares?
That=E2=80=99s like saying that Nobody uses a different preference of =
web browser, they almost all stick to the one that comes with the OS.
If that were true, Firefox would only run on Linux and Chrome would only =
run on Chromebooks and Droids.
>=20
>> More likely this is going to be iterations of what is already being =
more widely accepted. Downloadable pre-configured client software that =
works with a particular VPN service.
>=20
> Again, downloading is a barrier to entry. Don't you remember the =
browser wars and the Microsoft anti-trust case?
I do. I also note that the issue there wasn=E2=80=99t merely that IE =
shipped with the OS, but the fact that you could _NOT_ extricate it from =
the OS and beyond just downloading another browser, it took significant =
knowledge to make that other browser the preferred browser on the system =
with any meaningful persistence.
>> Point-click-subscribe model seems to receive fairly wide adoption =
among people sufficiently interested in bypassing {insert network damage =
here} to pay a monthly fee for a service that will do it.
>=20
> 'Sufficiently interested' is a limiting factor. 'Sufficiently =
interested' to learn that such a thing is possible, and to figure out =
how to go about doing it.
Among a given community it seems to only take a couple of individuals =
who figure it out once and if it is sufficiently easy to =E2=80=9Cshow a =
friend=E2=80=9D such that that friend finds it sufficientlly easy to =
teach others, adoption spreads quite rapidly through said community.
> Of course, the other concern is that governments which don't already =
interfere with VPNs will outlaw VPNs in the name of 'national security'. =
Answering my own question, the OS/device vendors won't get into the VPN =
business due to this issue.
Sure, which is why FLOSS or off-shore subscription services will be the =
likely successful models here and so far, they are succeeding though not =
to the extent you might consider main stream as yet.
Owen
