undefined | Better HN

0 pointsjchw6y ago0 comments

>DoH sacrifices the security of networks in favor of end-users

I agree, if you are considering the approach of just using an arbitrary DoH server. But I think it would be nice if people would at least acknowledge that this is not a fault of DoH. One could envision a future where local DNS servers could support DoH. I don't know how far away from reality this is, though.

If this is somehow a fault of DoH, I apologize for my misunderstanding. I admittedly haven't read the full standard.

>serious security teams already exert direct control (via MDM and endpoint security) over end-systems anyways

Thank you, this is precisely what I was thinking.

0 comments

tptacek6y ago

It's not at all a fault of DoH, since preventing "control plane operators" from coercing end-users into giving up their privacy is DoH's primary goal.

zzzcpan6y ago

End users are not coerced by operators, they are the operators on their own devices and can do whatever the hell they want. The primary goal of DoH as proposed and implemented is to take away that ability from end users, hide that control from them. It's nothing more but malicious anti-user behavior.

tptacek6y ago

This is obviously false.

j / k navigate · click thread line to collapse

0 pointsjchw6y ago0 comments

>DoH sacrifices the security of networks in favor of end-users

If this is somehow a fault of DoH, I apologize for my misunderstanding. I admittedly haven't read the full standard.

>serious security teams already exert direct control (via MDM and endpoint security) over end-systems anyways

Thank you, this is precisely what I was thinking.

0 comments

tptacek6y ago

It's not at all a fault of DoH, since preventing "control plane operators" from coercing end-users into giving up their privacy is DoH's primary goal.

zzzcpan6y ago

tptacek6y ago

This is obviously false.

j / k navigate · click thread line to collapse