I don't follow. If you're authorized to administer the endpoints, just don't use DoH and no sacrifices will be necessary?
The people doing the snooping are *heavily* invested in plaintext DNS, and are pushing back very hard against DoH, with pretty dubious arguments. Some of them say, "You've got us all wrong, we love DNS privacy, please just use DoT instead!"
The problem is, it's very easy to force users to downgrade from DoT to plaintext. A cynic might suspect they know that fact, and that's why they support it. It is very hard to downgrade DoH to plaintext unless you own the endpoint, or have permission from the user.
Would a non-downgradable DoT fulfill the use cases for DoH?
