Am I the only one around here deeming the choice of @mozilla to enable DoH on by default (in the US, for now) a particularly questionable one?

@0xf0 that’s a story with a lot of complications and tradeoffs.

I don’t particularly think Cloudflare is that trustworthy but most US ISPs? Even less

@szbalint the point I find most questionable is the blatant layer violation. DNS could have been made safer without creating yet another something-over-HTTPS meta protocol.

HTTP(S) should not be the default answer to everything. IMHO

@0xf0 @szbalint I agree in principle, but what it does mean is a well-r
tested transport security layer with trusted existing implementations, that was quick to define and quick to implement.

@0xf0 well tls is pretty much one of the only world-scale transport layer encryption frameworks that we have.

How would we have provided authentication and privacy without defining another protocol like it? DNSSEC was an utter failure as it didn’t even provide confidentiality

@0xf0 oh hell no, I just this morning took steps to ensure this crap won't happen on my company LAN if they go global with this option.

I don't want my intranet hostnames to a) stop working, and b) be sent to Cloudflare or some other third party of Mozilla's choosing.
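The two technical complaints in this thread, that DoH is "yet another something-over-HTTPS meta protocol" and that a browser-level resolver sends intranet names to a third party that can only answer NXDOMAIN, are easiest to see on the wire. The following is an added example, not code from any poster, Mozilla or Cloudflare: it builds a DNS wire-format query, frames it the way RFC 8484 does for a DoH GET (base64url in the `dns=` parameter) and POST (`application/dns-message` body), and parses a response. The endpoint `https://doh.example/dns-query`, the name `wiki.corp.internal` and both responses are constructed for the demonstration.

```python
"""Added example: RFC 8484 framing of a DNS query and parsing of a DoH reply.

Everything here is constructed for illustration; no network traffic is sent.
The DNS message format is the same one a UDP resolver would see; DoH only
wraps it in an HTTPS request, which is the "layer violation" under discussion.
"""
import base64
import struct

QTYPE_A = 1
RCODE_NXDOMAIN = 3


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Standard query; ID 0 as RFC 8484 suggests so HTTP caches can reuse it."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(endpoint: str, query: bytes) -> str:
    """GET form: base64url without padding in the dns= parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"


def doh_get_decode(url: str) -> bytes:
    """Recover the raw DNS message from a DoH GET URL (restores padding)."""
    b64 = url.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def doh_post(endpoint: str, query: bytes) -> dict:
    """POST form: the DNS message is the HTTP body, no encoding at all."""
    return {
        "method": "POST",
        "url": endpoint,
        "headers": {"Content-Type": "application/dns-message",
                    "Accept": "application/dns-message"},
        "body": query,
    }


def decode_name(msg: bytes, off: int):
    """Decode a name at offset, following compression pointers (0xC0xx)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2       # resume after the pointer, not the target
            off = pointer
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_response(msg: bytes) -> dict:
    """Parse header, question and answer sections; A records become dotted quads."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"rcode": flags & 0x000F, "questions": questions, "answers": answers}


def _constructed_response(name: str, rcode: int, a_records=()) -> bytes:
    """Build a constructed reply (QR, RD, RA set) for the demo below."""
    body = struct.pack("!HHHHHH", 0, 0x8180 | rcode, 1, len(a_records), 0, 0)
    body += encode_name(name) + struct.pack("!HH", QTYPE_A, 1)
    for ttl, ip in a_records:
        body += b"\xC0\x0C"  # compression pointer back to the question name
        body += struct.pack("!HHIH", QTYPE_A, 1, ttl, 4)
        body += bytes(int(x) for x in ip.split("."))
    return body


# Constructed replies: a public name resolves; an intranet name, asked of a
# public DoH resolver that has never heard of the corporate zone, is NXDOMAIN.
PUBLIC_REPLY = _constructed_response("example.com", 0, [(300, "192.0.2.1")])
INTRANET_REPLY = _constructed_response("wiki.corp.internal", RCODE_NXDOMAIN)

if __name__ == "__main__":
    q = build_query("wiki.corp.internal")
    print(doh_get_url("https://doh.example/dns-query", q))   # hypothetical endpoint
    print(doh_post("https://doh.example/dns-query", q)["headers"])
    print(parse_response(PUBLIC_REPLY))
    print(parse_response(INTRANET_REPLY))
```

The GET URL makes the leak concern concrete: the full intranet hostname is in the query string of an HTTPS request to whichever resolver the browser was configured with, and the reply it gets is rcode 3, so the name "stops working" exactly as the last post describes.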
