> -----Original Message----- > From: Eliot Lear <[email protected]> > Sent: Monday, March 11, 2019 11:49 PM > To: Paul Vixie <[email protected]> > Cc: nalini elkins <[email protected]>; Konda, Tirumaleswar Reddy > <[email protected]>; [email protected]; [email protected]; > Ackermann, Michael <[email protected]>; Christian Huitema > <[email protected]>; [email protected]; Vittorio Bertola > <[email protected]>; Stephen Farrell > <[email protected]> > Subject: Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients > > Hi Paul, > > > On 11 Mar 2019, at 19:12, Paul Vixie <[email protected]> wrote: > > > > > > > > nalini elkins wrote on 2019-03-11 10:26: > >> Tiru, > >> Thanks for your comments. > >> > Enterprise networks are already able to block DoH services, > > i wonder if everyone here knows that TLS 1.3 and encrypted headers is > going to push a SOCKS agenda onto enterprises that had not previously > needed one, and that simply blocking every external endpoint known or > tested to support DoH will be the cheaper alternative, even if that makes > millions of other endpoints at google, cloudflare, cisco, and ibm unreachable > as a side effect? > > That or it will require a bit more management at the MDM level. I’m hoping > the latter. And I hope that one output of all of these documents will be a > recommendation regarding MDM interfaces.
I don't think MDM is required to use the DoT/DoH servers provided by the local network. -Tiru > > Eliot _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
