
Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?



On Mon, 9 Sep 2019 00:38:03 +0200, Adam Borowski <kilobyte@angband.pl>
wrote:
>With local DNS:
>* the target server knows about you (duh!)
>* the ISP can read the destination of every connection
>  [reading the DNS packets, reading the IP header, reading SNI header]
>* the ISP can block such connections
>  [blocking DNS packets, blocking actual connection]
>* DNSSEC forbids falsifying DNS
>
>With DoH:
>* the target server knows about you (duh!)
>* the ISP can read the destination of every connection
>  [reading the IP header, reading SNI header]
>* the ISP can block such connections
>  [blocking actual connection]
>* Cloudflare can read the destination of every connection
>  [they serve the DNS...]
>* Cloudflare can falsify DNS¹
>* Cloudflare can block connections
>  [blocking or falsifying DNS response]
>
>So currently DoH is strictly worse.

Will DoH break corporate web apps that are accessed over a VPN (and
thus only resolvable via the local resolver)? Or has Mozilla catered
for that?

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834

