This DNS over HTTP thing

• Previous message (by thread): This DNS over HTTP thing
• Next message (by thread): This DNS over HTTP thing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 01, 2019 at 10:35:31AM +0200,
 Jeroen Massar <jeroen at massar.ch> wrote 
 a message of 29 lines which said:

> Correct: for the DoH protocol it is not that goal, there it solely
> is "encryption". But DoT already solves that.

DoT is fine, (and my own public resolver activates it) but, as you
know, it is too easy to block, either explicitely, or as a by-product
of a "only port 443" policy.

Also, most of the complaints (for instance by the lobby who wrote to
the US congress) about DoH apply also to DoT (for instance, like DoH,
it prevents the ISP to modify or even to see the DNS requests and
responses, so the lobbies who don't like DoH won't like DoT either).

> For the implementation though of DoH (what most people have a
> problem with), the sole goal is centralization

This is your personal opinion, not a fact. (Speaking as someone who
deployed a DoH resolver.)

> and moving the information collection from the ISP to single
> entities that are already collection so much data,

That's why we need more DoH resolvers. Install one!

> The point is that the claimed goal (for the deployment) is that it
> gives users 'privacy', but in the end that 'privacy' just moves from
> the ISP that the user pays to an unrelated company that wants to see
> it all...

Security is often moving stuff to a different trusted party (think of
VPNs, for instance).

• Previous message (by thread): This DNS over HTTP thing
• Next message (by thread): This DNS over HTTP thing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]