how do you pick the trusted public-DNS resolver you need for this?
We operate such a service today. Idea is we resolve these requests' hosts *only* via that path, and cert must line up with resolved IP. Can make it configurable as a (new) group policy (and disableable) for the paranoid. I'm sure there's a hole in this...


Replying to @slightlylate @lcamtuf and
are you proposing leaking hostnames to Google independent of normal OS DNS settings?
Or whomever else you set as your "public only" resolver, yes. If the issue is DNS being overloaded for public/private (and another decade+ of this debate about something *every native app can do*), let's disentangle DNS.
Replying to @slightlylate @lcamtuf and
and if the "public only" resolver lies to you, your internal network gets exposed to the internet?
Replying to @tehjh @slightlylate and
and how do you pick the default resolver, given that the OS has no infrastructure for telling you what it is? default to Google? what should other browsers do?
Other browsers can do whatever they think is right for users (e.g., SafeBrowsing). Default situation is these requests fail (as they do today) and some services will run transitional proxies. Others won't. C'est la vie.
Replying to @slightlylate @lcamtuf and
IOW, you're creating a mechanism that is kinda useless you're willing to break things for non-Chrome users?
This is all standards work. New things are de facto unsupported. Turns out making progress on new web features is hard, in part because skepticism about potential for success is pervasive!
Replying to @slightlylate @tehjh and
You eventually see patterns to arguments: 1.) Ugh, do we have to? 2.) Fine, but <thing wrong with sketch> 3.) But if you lead, others won't have already implemented; where is your beloved interop *then*!?!!! 4.) Ok, it's *nearly* everywhere, but IE6 5.) Now that we have this...
Anyway, that's all by way of saying Twitter is the worst for this. Sorry for the noise!