You're talking about devices over which you have no control. So how does it make a difference where the attack vector is on the device? Why is DNS-over-HTTPS worse than entire-attack-vector-over-HTTPS?

On Mon, Aug 20, 2018 at 7:47 PM Paul Vixie <[email protected]> wrote:
>
>
> Ted Lemon wrote:
> > I think that you are whistling past the graveyard. If your firewall
> > allows HTTPS without a proxy, then everything that DoH allows is already
> > possible, and is probably already being done, because it's so obvious.
>
> nope. the control plane stops at my doorstep, and there is no ubiquitous
> bypass occurring. i urge you to consider my level of commitment to this
> state of affairs, and whether i'm alone, and what could happen if it's
> threatened by the DOH WG's work.
>
> > If you disagree with me about this (and I can think of a few reasons
> > why you might) then you should articulate what is possible with DoH that
> > isn't already possible with HTTPS.
>
> done.
>
> --
> P Vixie
>
>
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
