Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?

2019-09-15 Thread Amir H. Firouzian 
Debian doesn't add ESNI Record into it's Name Server.

Check here (ONLINE dig):
https://toolbox.googleapps.com/apps/dig/#TXT/

Check these two domains:
_esni.debian.org
_esni.cloudflare.com

On Sun, Sep 15, 2019 at 5:31 AM Paul Wise  wrote:
>
> On Sun, Sep 15, 2019 at 5:48 AM Anthony DeRobertis wrote:
> > On 9/13/19 7:05 AM, Simon Richter wrote:
> > >
> > > Mandatory Encrypted SNI with no fallback option -- everything else can be
> > > circumvented easily.
> > >
> > > This is a game that we should not play, really. It raises the cost of
> > > running a service on the Internet so only big players can afford to do so.
> >
> > Does it? I haven't personally deployed it yet anywhere, but when I
> > briefly looked into it, it appears to require adding a DNS record & some
> > web server config. If anything, it appears to be harder to do if you're
> > a big player (e.g., making sure your DNS servers always return matching
> > ESNI and A/ records, even when you have geo-targeted DNS — so much
> > easier when you only have one server.)
>
> Does anyone know if any software in Debian supports ESNI records?
>
> Looking at the RFC draft, it sounds like adding ESNI records to
> debian.org would basically duplicate the DANE records debian.org
> already has. sigh
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-esni/?include_text=1
> https://serverfault.com/questions/976377/how-can-i-set-up-encrypted-sni-on-my-own-servers
>
> --
> bye,
> pabs
>
> https://wiki.debian.org/PaulWise
>

Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?

2019-09-14 Thread Amir H. Firouzian 
Becuase the best privacy solution would be to embed DNS resolver into
mozilla and they query root servers (which manage by ICANN) to find
IPs of TLDs server!
I mean the "users’ privacy" is a opaque general definition, rather
there are the spectrum of techniques which protect us against mass
surveillance. So in some sense there is violation and in other
condition it could be protector (ISP don't realize the packet DNS
QUERY ONLY). There is a trade of as always :)

On Thu, Sep 12, 2019 at 10:28 PM Ondřej Surý  wrote:
>
> What? How did you manage to go from me suggesting disabling DoH by default to 
> CloudFlare in Firefox without explicit user consent to an attack on ICANN?
>
> But I guess that this alternative DNS root nonsense will just never die, so I 
> should not be really surprised.
>
> --
> Ondřej Surý 
>
> > On 12 Sep 2019, at 19:45, Amir H. Firouzian  wrote:
> >
> > Then you should ask why we have ICANN in the first place!
> >
> > PS: https://en.wikipedia.org/wiki/OpenNIC
> >
> >> On Sun, Sep 8, 2019 at 11:01 PM Ondřej Surý  wrote:
> >>
> >> Hi,
> >>
> >> I haven’t found any discussion on the topic (although I haven’t searched 
> >> very hard and only looked for DoH and DNS keywords in the BTS), but since 
> >> Mozilla plans to enable DoH to CloudFlare by default to US based users: 
> >> https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
> >>  I would rather see an explicit statement. I would be very surprised with 
> >> Debian’s usual stance regarding the users’ privacy that we would not 
> >> consider this as a privacy violation, but again I am not Firefox 
> >> maintainer in Debian and I would rather hear from them than speculate on 
> >> my own.
> >>
> >> Thanks,
> >> Ondřej
> >> --
> >> Ondřej Surý

Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?

2019-09-12 Thread Amir H. Firouzian 
Then you should ask why we have ICANN in the first place!

PS: https://en.wikipedia.org/wiki/OpenNIC

On Sun, Sep 8, 2019 at 11:01 PM Ondřej Surý  wrote:
>
> Hi,
>
> I haven’t found any discussion on the topic (although I haven’t searched very 
> hard and only looked for DoH and DNS keywords in the BTS), but since Mozilla 
> plans to enable DoH to CloudFlare by default to US based users: 
> https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
>  I would rather see an explicit statement. I would be very surprised with 
> Debian’s usual stance regarding the users’ privacy that we would not consider 
> this as a privacy violation, but again I am not Firefox maintainer in Debian 
> and I would rather hear from them than speculate on my own.
>
> Thanks,
> Ondřej
> --
> Ondřej Surý

Re: Chromium browser

2017-02-05 Thread Amir H. Firouzian 
Hello,
That's really funny. 

On Wed, Feb 1, 2017 at 12:01 PM, Michael Meskes  wrote:

> Hi,
>
> could anyone please enlighten me why we have a chromium version in stable
> security that is newer than what we have in unstable? The same version I
> did
> find, though, in experimental. However, I wonder if anything not stable
> enough(?) for unstable can make it into stable security. Or the other way
> round, why something needed for security cannot make it into unstable.
>
> Anyway, yes, the question is, what do I with my desktops?
>
> Final question, why does https://packages.qa.debian.
> org/c/chromium-browser.html
> not show the security upload in the news feed?
>
> Michael
> --
> Michael Meskes
> Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
> Meskes at (Debian|Postgresql) dot Org
> Jabber: michael at xmpp dot meskes dot org
> VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL
>
>