DNSSEC and ISPs faking DNS responses

Roland Dobbins rdobbins at arbor.net
Sat Nov 14 12:34:20 UTC 2015

On 14 Nov 2015, at 19:07, Owen DeLong wrote:

> The point you seem to be missing is that your “until…” is 
> already met.

Not AFAICT.  It isn't a default in the OS and on the window manager/home 

> I know of at least one ISP that is providing CPE with VPN 
> pre-configured and built in.

That makes one.

> I know of several other software/service solutions that are literally 
> download-launch-subscribe. (download client software, launch 
> installer, supply payment information for subscription).

The 'download' part is the main barrier to entry.

> You’re not looking at the right VPN software.

I look at VPN software all the time, from many providers.

> The built-in stuff is crap that is years behind the current state of 
> the art.

My point is that it's in the OS.

> More likely this is going to be iterations of what is already being 
> more widely accepted. Downloadable pre-configured client software that 
> works with a particular VPN service.

Again, downloading is a barrier to entry.  Don't you remember the 
browser wars and the Microsoft anti-trust case?

> Point-click-subscribe model seems to receive fairly wide adoption 
> among people sufficiently interested in bypassing {insert network 
> damage here} to pay a monthly fee for a service that will do it.

'Sufficiently interested' is a limiting factor.  'Sufficiently 
interested' to learn that such a thing is possible, and to figure out 
how to go about doing it.

Of course, the other concern is that governments which don't already 
interfere with VPNs will outlaw VPNs in the name of 'national security'. 
  Answering my own question, the OS/device vendors won't get into the 
VPN business due to this issue.

Roland Dobbins <rdobbins at arbor.net>

More information about the NANOG mailing list