nanog mailing list archives
Re: This DNS over HTTP thing
From: Jeroen Massar <jeroen () massar ch>
Date: Tue, 1 Oct 2019 10:35:31 +0200
On 2019-10-01 10:08, Stephane Bortzmeyer wrote:
On Tue, Oct 01, 2019 at 09:55:54AM +0200, Jeroen Massar <jeroen () massar ch> wrote a message of 26 lines which said:(Because this canary domain contradicts DoH's goals, by allowing the very party you don't trust to remotely disable security.)The goal is centralization of DNSHmmm, no, read RFC 8484 (section 1).
Correct: for the DoH protocol it is not that goal, there it solely is "encryption". But DoT already solves that. For the implementation though of DoH (what most people have a problem with), the sole goal is centralization and moving the information collection from the ISP to single entities that are already collection so much data, this just gives them more and for properties they do not even operate.
While the 'connection to the recursor' is 'encrypted', the recursor is still in clear text... one just moves who can see what you are doing with this.As with any cryptographic protocol. Same thing with VPNs, SSH and whatever: the remote end can see what you do. What's your point?
The point is that the claimed goal (for the deployment) is that it gives users 'privacy', but in the end that 'privacy' just moves from the ISP that the user pays to an unrelated company that wants to see it all... False advertising anyone? Greets, Jeroen
Current thread:
- RE: This DNS over HTTP thing, (continued)
- RE: This DNS over HTTP thing Keith Medcalf (Oct 02)
- Re: This DNS over HTTP thing Niels Bakker (Oct 03)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 03)
- Re: This DNS over HTTP thing Grzegorz Janoszka (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Brandon Martin (Oct 01)
- Re: This DNS over HTTP thing Robert Kisteleki (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Jared Mauch (Oct 01)
- Re: This DNS over HTTP thing Stephane Bortzmeyer (Oct 01)
- Re: This DNS over HTTP thing Jared Mauch (Oct 01)
- Re: This DNS over HTTP thing Jeroen Massar (Oct 01)
- Re: This DNS over HTTP thing Ca By (Oct 01)
- Re: This DNS over HTTP thing Matt Harris (Oct 01)
- Re: This DNS over HTTP thing Brandon Martin (Oct 01)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 01)
- Re: This DNS over HTTP thing Damian Menscher via NANOG (Oct 01)