Huh, okay. Are you expecting the clients to be presented with trusted certificates somehow? Forced to install/told they can't connect unless it's installed?
-
Enterprises tend to block outbound SSH, but not outbound TLS. But Twitter is a bad place for me to discuss this, as there’s a lot of nuance to the subject.

-
I just picked SSH at random, it can be DNS queries steganographically embedded in PDF files shared over email. Do people really argue they can prevent DNS queries from being tunnelled out of a network?

-
It seems pretty arbitrary to be concerned about monitoring for exfiltration via DoH, but not arbitrary other means of tunnelling DNS (e.g. DNS over SSH), or just any other protocol.