Is your argument that users could just set up a raspberry pi, but they won't be able to disable DoH in the browser? If you're convinced DoH removes so much value, why worry, won't users just disable it?
that's a topic change. we were discussing single points of failure. centralized dns offers many more points of failure.
fwiw, I have given up debating with Tavis for this reason - it is not an actual discussion that could lead to results.
i try not to give up on anybody unless they seem purposeful (intellectually dishonest) rather than confused (self deception and ignorance). my jury is still out on tavis, though i admit i'm close to the point of ignoring him.
Heh, the benefits of DoH are so obvious, the arguments against it so weak, and the motivations of the opponents so transparent that the writing is on the wall. DoH is a certainty, does that tip the scale?
How can I possibly force anything down anyone's throats? I just believe in it, and think it's so obviously beneficial for society that it will certainly be adopted. In 10 years, they'll look like the people arguing against HTTPS adoption.
inb4 someone caricaturizes this argument as Google Employee vs DNS protocol contribs. Malware traffic over DoH with TLS1.3 eSNI doesn't outweigh "benefits for society"? Losing the ability to filter out traffic on the xport layer is better for society? Am I missing something?
You need to explain the problem, because if it's your endpoint you can filter anything you want with or without DoH. If it's not your endpoint, then you should ask the owner for permission, at which point you can still filter anything you want.
The problem is that we can no longer do deep packet inspection on traffic passing through a router. If you're a systems administrator, you lose the ability to protect endpoints at the gate. DNS effectively gets moved to the application layer.
Is it your endpoint? Then of course you can continue to do packet inspection. If it's not your endpoint, then correct, you will need to start asking for permission. This is a good thing for society, because people should not be able to snoop without permission.
But that's not always possible. What about IoT? I own a good deal of IoT devices and AFAIK it's not incredibly easy to install a cert on an IoT device. I've lost that control.
Nobody is proposing deploying DoH in such a way that it cannot be disabled by the owner. If anyone did do such a user-hostile thing, then what difference does it make, they could just use a custom protocol anyway.