Educause Security Discussion mailing list archives

Re: DNS over HTTPS changes


From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Wed, 25 Sep 2019 14:08:21 -0400

I was thinking that as well, Dave.  Any thoughts from those of you who are
using eduroam as your primary SSID?



<https://www.grace.edu/>

Jacob Barros

Associate Director of IT, Network and Operations | OIT

E: barrosjk () grace edu | W: 574.372.5100 ext. 6178






On Wed, Sep 25, 2019 at 11:59 AM LaPorte, David <david_laporte () harvard edu>
wrote:

I haven’t seen much mention of the impact of DoH on captive portal-based
user on-boarding, which we rely on to bootstrap users to our EAP-TLS
wireless network.  I would expect DoH to break that, any reason to believe
otherwise?



Dave



*From: *The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Kevin Wilcox <
wilcoxkm () APPSTATE EDU>
*Reply-To: *The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>
*Date: *Wednesday, September 25, 2019 at 11:35
*To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
*Subject: *Re: [SECURITY] DNS over HTTPS changes





On Wed, 25 Sep 2019 at 08:32, Barros, Jacob <jkbarros () grace edu> wrote:



Specifically, for institutionally managed devices are you disabling DNS
over HTTPS in your browsers?  For non-managed devices, is there intent to
block DNS over HTTPS or TLS and if so what would your reasons be for doing
so?



Aye, we'll disable it via browser config for managed/University-owned
devices with plans to blacklist any known DoH servers via DNS and DNS over
TLS servers by IP for University "business" networks.



For students and "guests", we wouldn't dare - we are their ISP, we stay
very hands-off with them.



Has anyone published information for students on how this might impact
them?  I know Cisco has published workarounds if there is an issue with
Umbrella/OpenDNS.  Are there other services that you're concerned about?



My biggest concern with students is sending all of their DNS searches to
companies with a vested interest in monetising their data, but the illusion
of privacy and industry-introduced security theatre is often more
persuasive than the reality and it's their choice to make.



kmw

**********
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent the
message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at
https://www.educause.edu/community