On Feb 12, 2019, at 10:34 AM, Paul Vixie <[email protected]> wrote:
> netflow. such traffic _looks_ abnormal.
>
> the deliberate design premise of DoH is that it look normal.

It’s either one or the other. DoH is such traffic. If it looks abnormal, you can do something about it. If it doesn’t, you can’t. It’s not the case that nefarious traffic that is not DoH is special in looking different. Or rather, to the extent that you are good at identifying and blocking such traffic, that will naturally select for solutions that are less easily identified, and eventually the steady state will be exactly what you are afraid of with DoH. To the extent that DoH is less obvious than these other techniques, you could legitimately say that it is an example of this process of natural selection. It just happens to be visible to you, whereas all the other examples are not, because they are being done by black hats, not by the IETF.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
