nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: This DNS over HTTP thing

From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Tue, 1 Oct 2019 11:57:57 +0200
On Tue, Oct 01, 2019 at 10:35:31AM +0200,
 Jeroen Massar <jeroen () massar ch> wrote 
 a message of 29 lines which said:


Correct: for the DoH protocol it is not that goal, there it solely
is "encryption". But DoT already solves that.


DoT is fine, (and my own public resolver activates it) but, as you
know, it is too easy to block, either explicitely, or as a by-product
of a "only port 443" policy.

Also, most of the complaints (for instance by the lobby who wrote to
the US congress) about DoH apply also to DoT (for instance, like DoH,
it prevents the ISP to modify or even to see the DNS requests and
responses, so the lobbies who don't like DoH won't like DoT either).


For the implementation though of DoH (what most people have a
problem with), the sole goal is centralization


This is your personal opinion, not a fact. (Speaking as someone who
deployed a DoH resolver.)


and moving the information collection from the ISP to single
entities that are already collection so much data,


That's why we need more DoH resolvers. Install one!


The point is that the claimed goal (for the deployment) is that it
gives users 'privacy', but in the end that 'privacy' just moves from
the ISP that the user pays to an unrelated company that wants to see
it all...


Security is often moving stuff to a different trusted party (think of
VPNs, for instance).
Previous By Date Next
Previous By Thread Next

Current thread: