Am I the only one around here deeming the choice of @mozilla to enable DoH on by default (in the US, for now) a particularly questionable one?

@0xf0 that’s a story with a lot of complications and tradeoffs.

I don’t particularly think Cloudflare is that trustworthy but most US ISPs? Even less

Follow

@szbalint the point I find most questionable is the blatant layer violation. DNS could have been made safer without creating yet another something-over-HTTPS meta protocol.

HTTP(S) should not be the default answer to everything. IMHO

@0xf0 @szbalint I agree in principle, but what it does mean is a well-r
tested transport security layer with trusted existing implementations, that was quick to define and quick to implement.

@0xf0 well tls is pretty much one of the only world-scale transport layer encryption frameworks that we have.

How would we have provided authentication and privacy without defining another protocol like it? DNSSEC was an utter failure as it didn’t even provide confidentiality

Sign in to participate in the conversation
x0r.be

Exclusive or something