nanog mailing list archives
Re: This DNS over HTTP thing
From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Tue, 1 Oct 2019 11:57:57 +0200
On Tue, Oct 01, 2019 at 10:35:31AM +0200, Jeroen Massar <jeroen () massar ch> wrote a message of 29 lines which said:
Correct: for the DoH protocol it is not that goal, there it solely is "encryption". But DoT already solves that.
DoT is fine, (and my own public resolver activates it) but, as you know, it is too easy to block, either explicitely, or as a by-product of a "only port 443" policy. Also, most of the complaints (for instance by the lobby who wrote to the US congress) about DoH apply also to DoT (for instance, like DoH, it prevents the ISP to modify or even to see the DNS requests and responses, so the lobbies who don't like DoH won't like DoT either).
For the implementation though of DoH (what most people have a problem with), the sole goal is centralization
This is your personal opinion, not a fact. (Speaking as someone who deployed a DoH resolver.)
and moving the information collection from the ISP to single entities that are already collection so much data,
That's why we need more DoH resolvers. Install one!
The point is that the claimed goal (for the deployment) is that it gives users 'privacy', but in the end that 'privacy' just moves from the ISP that the user pays to an unrelated company that wants to see it all...
Security is often moving stuff to a different trusted party (think of VPNs, for instance).
Current thread:
- Re: This DNS over HTTP thing, (continued)
- Re: This DNS over HTTP thing Niels Bakker (Oct 03)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 03)
- Re: This DNS over HTTP thing Grzegorz Janoszka (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Brandon Martin (Oct 01)
- Re: This DNS over HTTP thing Robert Kisteleki (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Jared Mauch (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Jared Mauch (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Ca By (Oct 01)
- Re: This DNS over HTTP thing Matt Harris (Oct 01)
- Re: This DNS over HTTP thing Brandon Martin (Oct 01)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 01)
- Re: This DNS over HTTP thing Damian Menscher via NANOG (Oct 01)
- Re: This DNS over HTTP thing K. Scott Helms (Oct 01)