How can I possibly force anything down anyone's throats? I just believe in it, and think it's so obviously beneficial for society that it will certainly be adopted. In 10 years, they'll look like the people arguing against HTTPS adoption.
inb4 someone caricaturizes this argument as Google Employee vs DNS protocol contribs. Malware traffic over DoH with TLS1.3 eSNI doesn't outweigh "benefits for society"? Losing the ability to filter out traffic on the xport layer is better for society? Am I missing something?
You need to explain the problem, because if it's your endpoint you can filter anything you want with or without DoH. If it's not your endpoint, then you should ask the owner for permission, at which point you can still filter anything you want.
The problem is that we can no longer do deep packet inspection on traffic passing through a router. If you're a systems administrator, you lose the ability to protect endpoints at the gate. DNS effectively gets moved to the application layer.
Is it your endpoint? Then of course you can continue to do packet inspection. If it's not your endpoint, then correct, you will need to start asking for permission. This is a good thing for society, because people should not be able to snoop without permission.
But that's not always possible. What about IoT? I own a good deal of IoT devices and AFAIK it's not incredibly easy to install a cert on an IoT device. I've lost that control.
Nobody is proposing deploying DoH in such a way that it cannot be disabled by the owner. If anyone did do such a user-hostile thing, then what difference does it make, they could just use a custom protocol anyway.
There's little doubt that it *will* happen. Nest/Chromecast products hardcode 8.8.8.8, enforcing DoH isn't a reach. The argument: "they could just use a custom protocol anyway" is analogous to "well they could just develop an exploit". It's a non-argument.
You're asking me to argue for something that I don't agree with, hasn't happened, and that nobody has proposed. I don't know what you want me to say. It's not analogous, we agree not allowing owner to disable DoH is user-hostile, right? Why would hostility only be limited to DoH?
Also, I just asked, and apparently you can change the DNS servers in Nest, they're not hardcoded. So even that hasn't happened, so the slippery slope you're fearing is more like a rubber-coated flat path at the moment