Paul, On Feb 12, 2019, at 8:32 AM, Paul Vixie <p...@redbarn.org> wrote: > DoH is _dangerous_ because it's my network and i require all visitors, family > members, employees, and apps to use the control plane i have constructed, > which includes DNS surveillance and control.
Why don’t you force folks on your network to install a certificate that would allow you to inspect TCP/443 outbound traffic? How can you be sure folks on your network aren’t already tunneling their evil deeds through HTTPS? Thanks, -drc
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
