<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Kool ! Creative name, Kudos to that company.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Mike</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Sent from <a href="https://go.microsoft.com/fwlink/?LinkId=550986">Mail</a> for Windows 10</p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:crankyoldbugger@gmail.com">CrankyOldBugger</a><br><b>Sent: </b>Tuesday, April 7, 2020 4:28 PM<br><b>To: </b><a href="mailto:kwlug-disc@kwlug.org">KWLUG discussion</a><br><b>Subject: </b>Re: [kwlug-disc] CIRA Canadian Shield DNS</p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Ack..  </p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>That's twice today I've heard the expression "Canadian Shield".. apparently a Kitchener 3D printing company just spun of a medical shield division called The Canadian Shield.. <a href="https://www.cbc.ca/news/canada/kitchener-waterloo/kitchener-inksmith-canadian-face-shield-1.5525094?cmp=rss">https://www.cbc.ca/news/canada/kitchener-waterloo/kitchener-inksmith-canadian-face-shield-1.5525094?cmp=rss</a></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Tue, 7 Apr 2020 at 16:18, Chris Irwin <<a href="mailto:chris@chrisirwin.ca">chris@chrisirwin.ca</a>> wrote:</p></div></div><p class=MsoNormal style='margin-left:4.8pt'>(Quick aside, can somebody ack the list to ensure this was received?  <br>Particularly if you're on a large host like gmail/o365/etc? I've got <br>SPF, DKIM, and DMARC set up and am curious if it affects re-delivery via <br>mail lists)<br><br>Just curious if anybody has thoughts on CIRA's new "Canadian-Shield" <br>DNS?<br><br>     <a href="https://www.cira.ca/cybersecurity-services/canadian-shield" target="_blank">https://www.cira.ca/cybersecurity-services/canadian-shield</a><br><br>Big selling features seem to be:<br><br>* Keeping data inside Canada<br>* DNS, DoT, and DoH support<br>* CIRA being a non-profit<br><br>Their FAQ and privacy policy addresses a few privacy concerns, as well:<br><br>     <a href="https://www.cira.ca/cybersecurity-services/canadian-shield/faq" target="_blank">https://www.cira.ca/cybersecurity-services/canadian-shield/faq</a><br><br>     <a href="https://www.cira.ca/cybersecurity-services/canadian-shield/privacy" target="_blank">https://www.cira.ca/cybersecurity-services/canadian-shield/privacy</a><br><br>The summary seems to be:<br><br>* Don't use personal info for themselves or third parties<br>* Queries with IPs are logged for 24 hours to detect abuse<br>* Specifically, they mention IPs removed after 24 hours<br>* After 24 hours, only aggreggate data retained<br><br>Optional DNS-level malware filtering, and optional "family" filters are <br>available as well. Apparently the family filter blocks Reddit (which to <br>be fair...). I've been using the malware-filtering DNS for a few days <br>without complaint.<br><br>I did have some issues confirming it was working due to some agressive <br>DNSSEC enforcement on my router (their non-propigated test domains are <br>not signed, but the rest of <a href="http://cira.ca" target="_blank">cira.ca</a> is, so my router was refusing to <br>return an unsigned result for a signed domain). That's not specific to <br>this DNS, however.<br><br>-- <br>Chris Irwin<br><br>email:   <a href="mailto:chris@chrisirwin.ca" target="_blank">chris@chrisirwin.ca</a><br>  xmpp:   <a href="mailto:chris@chrisirwin.ca" target="_blank">chris@chrisirwin.ca</a><br>   web: <a href="https://chrisirwin.ca" target="_blank">https://chrisirwin.ca</a><br><br>_______________________________________________<br>kwlug-disc mailing list<br><a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br><a href="https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target="_blank">https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>