[GTALUG] DNS-over-HTTPS - what's the use?
Alvin Starr
alvin at netvel.net
Mon Dec 23 10:19:30 EST 2019
On 12/23/19 10:04 AM, Giles Orr via talk wrote:
> Firefox now makes available DNS-over-HTTPS. I'm a big fan of security
> and privacy, but I'm struggling to see the gains here: we stop some
> hypothetical observer from finding out what domain name we're querying
> ... and then immediately turn around and ask that domain for a web
> page. You hid the destination in your first query ... only to
> immediately expose it with your next query.
That assumes a 1:1 relationship between the IP address and the domain
name searched.
Web servers now support the ability to have multiple domains appear on
a single IP even with HTTPS.
So if you're using a proxy service like Cloudflare then it may be very
difficult to know exactly what domain the request is going to.
> I admit I'm thinking of our hypothetical advisor being at the ISP:
> they'll see both types of queries anyway. I suppose the argument can
> be made that an observer on the path to the DNS but not at the ISP has
> been stymied, but this seems ... lower value. Still, is that
> primarily what this will stop?
>
This will also make it harder for people who are on your wifi link to
snoop on what you're trying to connect to.
Still, any security enhancement is a security enhancement and makes it
harder for others to steal your information, and generally that is a
good thing.
--
Alvin Starr || land: (647)478-6285
Netvel Inc. || Cell: (416)806-0133
alvin at netvel.net ||