But let me then ask you some questions. Do you advocate encrypting DNS for everyone & sending it straight to Google or Cloudflare, by default?
Replying to @PowerDNS_Bert
You're right, I do keep believing that, because I don't see how you can argue for more network monitoring and more privacy from network monitoring at the same time. You phrased the question strangely, but yes I think encrypting everything by default is a good idea.
Replying to @taviso
And encrypt to just anyone? Or does it matter where the plaintext ends up? I asked you specifically: do you advocate sending DNS by default (over an encrypted connection) to Google and Cloudflare.
Replying to @PowerDNS_Bert
Yes, DNS queries should be encrypted by default, the answer doesn't change based on who you're querying. Where is this going Bert?
Replying to @taviso
So are you advocating sending DNS by default to Google and Cloudflare specifically? It is not a very hard question. Much like a VPN only changes the endpoint of your data, the endpoint is very important. Hence the question.
Replying to @PowerDNS_Bert
No, I don't advocate for Google and Cloudflare specifically. Just that the queries are encrypted.
Replying to @taviso
You'll have to pick something though - my argument is only about the default. I've done a lot of work promoting encrypted DNS & run an encrypted DNS service. Our only difference appears to be about the default. Which default do you argue for then if not Google and Cloudflare?
Replying to @PowerDNS_Bert
The difference is that you think network operators should be able to see end-user queries, and I don't think that's compatible with "I'm pro DNS encryption"? I have no idea how you got to "Cloudflare and Google" from that?
Replying to @taviso @PowerDNS_Bert
I understand that you've implemented DNS encryption, but the NSA implemented and promoted Skipjack, a block cipher. The purpose of implementing it was not because they were pro-encryption, it would be disingenuous to claim otherwise, right?
Replying to @taviso
Now that you keep mentioning the NSA, I asked specifically about whom you'd want to encrypt DNS *to*. It turns out every US company has a MAJOR vulnerability on that front - it must respond to FISA 702, which offers scant protection to non-US persons. So endpoint matters a lot!
1 reply 0 retweets 1 like
You are throwing a lot of chaff out here, which makes me think my observation that you're trying to hedge against an unpopular opinion was accurate. Let's stick to the point, I don't want to argue if monitoring is good or bad - just that it's disingenuous to call it pro-encryption