> Most people are aware of their untrustworthiness, though, which is not limited just to DNS resolution. It would be nice if devices had a reliable concept of "home network" and "away network" and applied different UXs and protections.

Windows had that exact same thought many years ago, and it has the Private, Public, and Domain network profiles to address this kind of need. However, we have found over the years that users do not understand the differences well, and the application of such isn't as effective for Public (coffee shop, hotel, airport) versus Private (home or work Wi-Fi) as we would hope. Users often mistake the words to mean Public (it's ok for my device to be publicly visible) and Private (keep my device hidden).

I'm also wary of making promises via UX based on network identity rather than networking peer identity. When I cleverly name my home Wi-Fi after a pop culture reference, then go to another network which is administered by someone with the same stroke of genius, what factors do we rely on to decide we are getting name resolutions from "home"? Enterprise security measures aren't in scope for this consumer scenario, device management by the ISP is out of the question, and expecting users to actively participate in configuring any trust mechanism that says "check for this to know if we are on my home network" is not reasonable.

So yes, that does sound nice, but let's please not go down that road (again).

Thanks,
Tommy

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
