Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread nalini elkins
Paul, > (yes, i will be part of a major new project to identify and block all DoH services, so > that behavioural security policies can still work, because you may have > noticed that the internet has never become MORE secure from new tech, > but it occasionally becomes LESS secure more slowly

Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Paul Vixie
Christian Huitema wrote on 2019-03-10 21:14: There are a bunch of conflicting requirements here, and it would be good to tease out the contradictions. Consider the following cases: 1) I am using my phone, and using application-X. 2) I am at home, using application-X on my home

Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread nalini elkins
BTW, I am reading the draft Tiru et al just posted on DPRIVE about this issue to see if we have any comments. > 4) I am using my work laptop on the enterprise network, and using application-X This could be an internal application or on the Internet. Enterprises have connections to: - Internal

Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Christian Huitema
On 3/10/2019 8:25 PM, nalini elkins wrote: >  > Similarly, putting DNS in user space allows for immediate adoption > of DNSSEC and privacy enhancements, even when the operating system or > the local network does not support them   > > At enterprises (banks, insurance, etc) on their internal

[dns-privacy] Fwd: New Version Notification for draft-reddy-dprive-bootstrap-dns-server-01.txt

2019-03-10 Thread tirumal reddy
Hi all, This draft https://tools.ietf.org/html/draft-reddy-dprive-bootstrap-dns-server-01 discusses a procedure to automatically bootstrap endpoints to discover and authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a local network. The specification discusses (1) Bootstrapping

Re: [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread nalini elkins
> Similarly, putting DNS in user space allows for immediate adoption of DNSSEC and privacy enhancements, even when the operating system or the local network does not support them At enterprises (banks, insurance, etc) on their internal networks, people run their own DNS servers which may resolve

Re: [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Vittorio Bertola
> On 11 March 2019 at 2.05 Christian Huitema wrote: > > crypto of TLS 1.3. Similarly, putting DNS in user space allows for > immediate adoption of DNSSEC and privacy enhancements, even when the > operating system or the local network does not support them. That genie > is not going back

Re: [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Christian Huitema
On 3/10/2019 4:07 PM, Vittorio Bertola wrote: > Honestly, I understood it differently - at this point in time they are > doing tests on whether their resolver performs better or worse than > the system's one, but their announced model is that Firefox will adopt > a DoH resolver (though it's

Re: [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Vittorio Bertola
> On 10 March 2019 at 16.44 Stephen Farrell < stephen.farr...@cs.tcd.ie > wrote: > > > > Hiya, > > On 10/03/2019 14:55, Vittorio Bertola wrote: > > > > Hello all, > > > > this new document has been allocated 10

Re: [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Stephen Farrell
Hiya, On 10/03/2019 14:55, Vittorio Bertola wrote: > Hello all, > > this new document has been allocated 10 minutes in the dprive agenda > in Prague. I really hope someone's going to arrange one venue for these discussions. Could be a bit of a mess otherwise between dprive, doh, dnsops,

[dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Vittorio Bertola
Hello all, this new document has been allocated 10 minutes in the dprive agenda in Prague. It is my attempt to launch a productive discussion on whether the IETF can reach consensus on how to address all the issues deriving from the early deployment attempts of encrypted DNS protocols and