undefined | Better HN

0 pointsdogecoinbase6y ago0 comments

I am no sysadmin but working closely with some.

Some of your best friends, eh? The point of MITMing HTTPS in an enterprise setting is not inbound content scanning (though that's pretty useful to), it's to prevent outbound transfer of secrets/HIPAA or PII data/financial data, and it's a regulatory requirement for some industries.

Besides, the point of DoH is to move DNS into the browser, which Google also controls, to prevent pihole-like DNS-based ad blocking. Cloudflare supports it because it allows them to lock down one of the few remaining actual distributed systems powering the internet. These companies are not your friends, and you should think harder about their incentives.

0 comments

Spivak6y ago

> it's a regulatory requirement for some industries.

It won't be when it's functionally impossible, which seems to be the point.

You do see the light at the end of the tunnel, right? Browsers shipping their own unmodifiable CA stores and disrespecting 3rd-party CAs signatures for public DNS names.

j / k navigate · click thread line to collapse