Well the confidentiality bit is kind of the reason for MITM in an enterprise so I'm not sure I feel that one applies. And integrity, I'm struggling to imagine the scenario where an employee needs to worry about their employer altering content in order to do them harm.
No, I mean you can't enable TLS interception without Admin (either via group policy, software run with consent, modifying the image, etc). Those are also all sufficient to disable DoH in the browser settings, right?
-
-
This Tweet is unavailable.
-
I'm pro-DoH, I'm trying to understand your concern
. It seems pretty arbitrary to be concerned about monitoring for exfiltration via DoH, but not arbitrary other means of tunnelling DNS (e.g. DNS over SSH), or just any other protocol. - 2 more replies
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.