The very same people who tell us malware will obey our endpoint DNS configuration are busy deploying web browsers which default to doing just the opposite. https://twitter.com/taviso/status/1181760420056428544 …
I still don't follow, if you're asking malware authors to promise never to use DoH, isn't that what you were making fun of earlier? To quote you, "Pretty please use the DNS resolver I configured?".
It seems like you're saying you think software shouldn't use DoH because if you disable it, malware might ignore you. That just doesn't make sense - malware *is* software - it can use DoH today whether other software does or not.
Imagine if DoH were never an RFC and wasn't deployed by the top unblockable web search provider. In that world, malware would not be able to use DoH without being obvious and being caught. I'm not saying we shouldn't *use* DoH. I'm saying we shouldn't even *invent* it.
It would be awfully hard for them to use it if it weren't a thing or wasn't deployed in a way to make it difficult to prevent.