nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: This DNS over HTTP thing

From: Jeroen Massar <jeroen () massar ch>
Date: Tue, 1 Oct 2019 10:35:31 +0200
On 2019-10-01 10:08, Stephane Bortzmeyer wrote:

On Tue, Oct 01, 2019 at 09:55:54AM +0200,
 Jeroen Massar <jeroen () massar ch> wrote 
 a message of 26 lines which said:


(Because this canary domain contradicts DoH's goals, by allowing
the very party you don't trust to remotely disable security.)


The goal is centralization of DNS


Hmmm, no, read RFC 8484 (section 1).


Correct: for the DoH protocol it is not that goal, there it solely is "encryption". But DoT already solves that.

For the implementation though of DoH (what most people have a problem with), the sole goal is centralization and moving 
the information collection from the ISP to single entities that are already collection so much data, this just gives 
them more and for properties they do not even operate.


While the 'connection to the recursor' is 'encrypted', the recursor
is still in clear text... one just moves who can see what you are
doing with this.


As with any cryptographic protocol. Same thing with VPNs, SSH and
whatever: the remote end can see what you do. What's your point?


The point is that the claimed goal (for the deployment) is that it gives users 'privacy', but in the end that 'privacy' 
just moves from the ISP that the user pays to an unrelated company that wants to see it all...

False advertising anyone?

Greets,
 Jeroen
Previous By Date Next
Previous By Thread Next

Current thread: