[GTALUG] DNS-over-HTTPS - what's the use?

Giles Orr gilesorr at gmail.com
Mon Dec 23 13:37:20 EST 2019


On Mon, 23 Dec 2019 at 10:58, Alvin Starr via talk <talk at gtalug.org> wrote:
> On 12/23/19 10:24 AM, James Knott via talk wrote:
> > On 2019-12-23 10:19 AM, Alvin Starr via talk wrote:
> >> This will also make it harder for people who are on your wifi link to
> >> snoop on what you're trying to connect to.
> >> Still any security enhancement is a security enhancement and makes it
> >> harder for others to steal your information, and generally that is a
> >> good thing.
> >
> > Some people have other ideas:
> > https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/
> >
>
> It's an interesting set of issues.
>
> From a quick browse through the URL the complaints seem to break into 2
> categories.
> - it makes tracking harder
> - if not properly implemented it provides no extra security.
>
> Both things tend to be true of encryption technologies.
>
> I am not sure I would be running out to implement DoH any time soon
> because it does not seem like a great value.

I'm also not enthusiastic about taking DNS out of the hands of the
operating system: not only does this break "do one thing and do it
well" (although browsers did that long ago), it also means that if you
have name resolution problems the solution becomes split on "is this
in the browser or somewhere else?"  It seems to me that this solution
- if implemented at all, and it's sounding like a bad idea - should be
done at the OS level, not the browser.

I'm going to pass on this little development and see how it plays out ...

Thanks everyone.

-- 
Giles
https://www.gilesorr.com/
gilesorr at gmail.com

