Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?

To: Paul Wise <pabs@debian.org>
Cc: Debian Development <debian-devel@lists.debian.org>
Subject: Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
From: "Amir H. Firouzian" <firouziyan@gmail.com>
Date: Sun, 15 Sep 2019 14:55:13 +0430
Message-id: <[🔎] CACVFBC96rFaq3FgJ4JsjchgFuBW4bc2+YaCi2SRTb+5ef_=Uaw@mail.gmail.com>
In-reply-to: <[🔎] CAKTje6EbiuNFRBaMrda1QNAZGpA72YG3d5QvdU392WO51r3zGg@mail.gmail.com>
References: <[🔎] EE779388-626F-4853-BC0B-AD79B18F0731@sury.org> <[🔎] 20190908211713.GA30275@bongo.bofh.it> <[🔎] 20190908223803.GB11482@angband.pl> <[🔎] 20190910174657.GA30797@bongo.bofh.it> <[🔎] 20190912165247.GA10547@angband.pl> <[🔎] 20190912202739.GF2670@psi5.com> <[🔎] 20190912225130.kw7hu66vs73phkux@yuggoth.org> <[🔎] 20190913102823.GB23990@bongo.bofh.it> <[🔎] 20190913110516.GA5872@psi5.com> <[🔎] 9ef57a4f-c384-4ae6-89fa-6b4edccb4ddc@derobert.net> <[🔎] CAKTje6EbiuNFRBaMrda1QNAZGpA72YG3d5QvdU392WO51r3zGg@mail.gmail.com>

Debian doesn't add ESNI Record into it's Name Server.

Check here (ONLINE dig):
https://toolbox.googleapps.com/apps/dig/#TXT/

Check these two domains:
_esni.debian.org
_esni.cloudflare.com

On Sun, Sep 15, 2019 at 5:31 AM Paul Wise <pabs@debian.org> wrote:
>
> On Sun, Sep 15, 2019 at 5:48 AM Anthony DeRobertis wrote:
> > On 9/13/19 7:05 AM, Simon Richter wrote:
> > >
> > > Mandatory Encrypted SNI with no fallback option -- everything else can be
> > > circumvented easily.
> > >
> > > This is a game that we should not play, really. It raises the cost of
> > > running a service on the Internet so only big players can afford to do so.
> >
> > Does it? I haven't personally deployed it yet anywhere, but when I
> > briefly looked into it, it appears to require adding a DNS record & some
> > web server config. If anything, it appears to be harder to do if you're
> > a big player (e.g., making sure your DNS servers always return matching
> > ESNI and A/AAAA records, even when you have geo-targeted DNS — so much
> > easier when you only have one server.)
>
> Does anyone know if any software in Debian supports ESNI records?
>
> Looking at the RFC draft, it sounds like adding ESNI records to
> debian.org would basically duplicate the DANE records debian.org
> already has..... sigh
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-esni/?include_text=1
> https://serverfault.com/questions/976377/how-can-i-set-up-encrypted-sni-on-my-own-servers
>
> --
> bye,
> pabs
>
> https://wiki.debian.org/PaulWise
>

Reply to:

References:
- Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Ondřej Surý <ondrej@sury.org>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Marco d'Itri <md@Linux.IT>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Marco d'Itri <md@Linux.IT>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Simon Richter <sjr@debian.org>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Marco d'Itri <md@Linux.IT>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Simon Richter <sjr@debian.org>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Anthony DeRobertis <anthony@derobert.net>
- Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Git Packaging Round 2: When to Salsa
Next by Date: Re: Git Packaging Round 2: SHOULD Not or MUSt NOT Github
Previous by thread: Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
Next by thread: Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
Index(es):
- Date
- Thread