Educause Security Discussion mailing list archives
Re: DNS over HTTPS changes
From: "LaPorte, David" <david_laporte () HARVARD EDU>
Date: Wed, 25 Sep 2019 15:49:33 +0000
I haven’t seen much mention of the impact of DoH on captive portal-based user on-boarding, which we rely on to bootstrap users to our EAP-TLS wireless network. I would expect DoH to break that, any reason to believe otherwise?

Dave

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, September 25, 2019 at 11:35
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] DNS over HTTPS changes

On Wed, 25 Sep 2019 at 08:32, Barros, Jacob <jkbarros () grace edu> wrote:

> Specifically, for institutionally managed devices are you disabling DNS over HTTPS in your browsers? For non-managed devices, is there intent to block DNS over HTTPS or TLS and if so what would your reasons be for doing so?

Aye we'll disable it via browser config for managed/University-owned devices with plans to blacklist any known DoH servers via DNS and DNS over TLS servers by IP for University "business" networks. For students and "guests", we wouldn't dare - we are their ISP, we stay very hands-off with them.

> Has anyone published information for students on how this might impact them? I know Cisco has published workarounds if there is an issue with Umbrella/OpenDNS. Are there other services that you're concerned about?

My biggest concern with students is sending all of their DNS searches to companies with a vested interest in monetising their data, but the illusion of privacy and industry-introduced security theatre is often more persuasive than the reality and it's their choice to make.

kmw

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- DNS over HTTPS changes Barros, Jacob (Sep 25)
- Re: DNS over HTTPS changes Pete, Andrew (Sep 25)
- Re: DNS over HTTPS changes Kevin Wilcox (Sep 25)
- Re: DNS over HTTPS changes LaPorte, David (Sep 25)
- Re: DNS over HTTPS changes Barros, Jacob (Sep 25)
- Re: DNS over HTTPS changes LaPorte, David (Sep 25)
- Re: DNS over HTTPS changes John McCabe (Sep 25)