Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?

To: debian-devel@lists.debian.org
Subject: Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
From: Anthony DeRobertis <anthony@derobert.net>
Date: Sat, 14 Sep 2019 17:48:13 -0400
Message-id: <[🔎] 9ef57a4f-c384-4ae6-89fa-6b4edccb4ddc@derobert.net>
In-reply-to: <[🔎] 20190913110516.GA5872@psi5.com>
References: <[🔎] EE779388-626F-4853-BC0B-AD79B18F0731@sury.org> <[🔎] 20190908211713.GA30275@bongo.bofh.it> <[🔎] 20190908223803.GB11482@angband.pl> <[🔎] 20190910174657.GA30797@bongo.bofh.it> <[🔎] 20190912165247.GA10547@angband.pl> <[🔎] 20190912202739.GF2670@psi5.com> <[🔎] 20190912225130.kw7hu66vs73phkux@yuggoth.org> <[🔎] 20190913102823.GB23990@bongo.bofh.it> <[🔎] 20190913110516.GA5872@psi5.com>

On 9/13/19 7:05 AM, Simon Richter wrote:


Mandatory Encrypted SNI with no fallback option -- everything else can be
circumvented easily.

This is a game that we should not play, really. It raises the cost of
running a service on the Internet so only big players can afford to do so.

Does it? I haven't personally deployed it yet anywhere, but when Ibriefly looked into it, it appears to require adding a DNS record & someweb server config. If anything, it appears to be harder to do if you'rea big player (e.g., making sure your DNS servers always return matchingESNI and A/AAAA records, even when you have geo-targeted DNS — so mucheasier when you only have one server.)

Reply to:

Follow-Ups:
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Paul Wise <pabs@debian.org>

References:
- Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Ondřej Surý <ondrej@sury.org>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Marco d'Itri <md@Linux.IT>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Marco d'Itri <md@Linux.IT>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Simon Richter <sjr@debian.org>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Marco d'Itri <md@Linux.IT>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Simon Richter <sjr@debian.org>

Prev by Date: Re: Git Packaging Round 2: SHOULD Not or MUSt NOT Github
Next by Date: Re: Git Packaging Round 2: SHOULD Not or MUSt NOT Github
Previous by thread: Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
Next by thread: Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
Index(es):
- Date
- Thread