
Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?



On Sun, Sep 15, 2019 at 5:48 AM Anthony DeRobertis wrote:
> On 9/13/19 7:05 AM, Simon Richter wrote:
> >
> > Mandatory Encrypted SNI with no fallback option -- everything else can be
> > circumvented easily.
> >
> > This is a game that we should not play, really. It raises the cost of
> > running a service on the Internet so only big players can afford to do so.
>
> Does it? I haven't personally deployed it yet anywhere, but when I
> briefly looked into it, it appears to require adding a DNS record & some
> web server config. If anything, it appears to be harder to do if you're
> a big player (e.g., making sure your DNS servers always return matching
> ESNI and A/AAAA records, even when you have geo-targeted DNS — so much
> easier when you only have one server.)

Does anyone know if any software in Debian supports ESNI records?

Looking at the RFC draft, it sounds like adding ESNI records to
debian.org would basically duplicate the DANE records debian.org
already has..... sigh

https://datatracker.ietf.org/doc/draft-ietf-tls-esni/?include_text=1
https://serverfault.com/questions/976377/how-can-i-set-up-encrypted-sni-on-my-own-servers

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

