You know you’re being bamboozled when you see appeals to: 1. Layer violations. 2. The sanctity of the network control plane. 3. Enterprise networks.https://twitter.com/paulvixie/status/1053886628832382977 …
-
-
If you think this is a just-so argument, please remember that the Network Security Control Plane people tried to mug the TLS 1.3 group to keep interceptable RSA keys in the protocol, based on THE SAME LOGIC.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Can someone explain to me why "x over tls" breaks "enterprise security" while "y over tls" doesn't? I don't like the potential centralization of DNS either, but this argument is just... I don't even know.
-
I'm just following along, but I think it is just about being able to block the outbound port number. DoH can't be blocked because it's 443. Network person wants to force you to fall back to their own DNS resolver, so they get to filter, etc.
- Još 1 odgovor
Novi razgovor -
-
-
Any suggestions, then, on how to do network-wide PI-hole style domain filtering in a world of DoH? Because blacklisting common DoH resolver IPs is all I can think of.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Rely on endpoint security? Or counting packets? Or log messages on gateways / servers that do not contain host names? Very curious to learn.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Tweet je nedostupan.
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.