Educause Security Discussion mailing list archives
Re: DNS over HTTPS changes
From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Wed, 25 Sep 2019 14:08:21 -0400
I was thinking that as well Dave. Any thoughts from those of you who are using eduroam as your primary ssid? <https://www.grace.edu/> Jacob Barros Associate Director of IT, Network and Operations | OIT E: barrosjk () grace edu | W: 574.372.5100 ext. 6178 <https://www.grace.edu/> On Wed, Sep 25, 2019 at 11:59 AM LaPorte, David <david_laporte () harvard edu> wrote:
I haven’t seen much mention of the impact of DoH on captive portal-based user on-boarding, which we rely on to bootstrap users to our EAP-TLS wireless network. I would expect DoH to break that, any reason to believe otherwise? Dave *From: *The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Kevin Wilcox < wilcoxkm () APPSTATE EDU> *Reply-To: *The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *Date: *Wednesday, September 25, 2019 at 11:35 *To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> *Subject: *Re: [SECURITY] DNS over HTTPS changes On Wed, 25 Sep 2019 at 08:32, Barros, Jacob <jkbarros () grace edu> wrote: Specifically, for institutionally managed devices are you disabling DNS over HTTPS in your browsers? For non-managed devices, is there intent to block DNS over HTTPs or TLS and if so what would your reasons be for doing so? Aye we'll disable it via browser config for managed/University-owned devices with plans to blacklist any known DoH servers via DNS and DNS over TLS servers by IP for University "business" networks. For students and "guests", we wouldn't dare - we are their ISP, we stay very hands-off with them. Has anyone published information for students on how this might impact them? I know Cisco has published workarounds if there is an issue with Umbrella/OpenDns. Are there other services that you're concerned about? My biggest concern with students is sending all of their DNS searches to companies with a vested interest in monetising their data, but the illusion of privacy and industry-introduced security theatre is often more persuasive than the reality and it's their choice to make. kmw ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFaQ&c=WO-RGvefibhHBZq3fL85hQ&r=MOrPzn96ki798xbUwXJc6Hbb8ZwV-Df1GCkE26WPyzg&m=dp6v2idxnegFfhYPSi7ktRNvQFkVlj12csB8mDc4_Vk&s=W60a7hDlMPjeRYlZcF-ZVucZZ-lUTKU3VhtLRVl3MLo&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- DNS over HTTPS changes Barros, Jacob (Sep 25)
- Re: DNS over HTTPS changes Pete, Andrew (Sep 25)
- Re: DNS over HTTPS changes Kevin Wilcox (Sep 25)
- Re: DNS over HTTPS changes LaPorte, David (Sep 25)
- Re: DNS over HTTPS changes Barros, Jacob (Sep 25)
- Re: DNS over HTTPS changes LaPorte, David (Sep 25)
- Re: DNS over HTTPS changes John McCabe (Sep 25)