1 Oct
2019
1 Oct
'19
4:08 a.m.
On Tue, Oct 01, 2019 at 09:55:54AM +0200, Jeroen Massar <jeroen@massar.ch> wrote a message of 26 lines which said:
(Because this canary domain contradicts DoH's goals, by allowing the very party you don't trust to remotely disable security.)
The goal is centralization of DNS
Hmmm, no, read RFC 8484 (section 1).
While the 'connection to the recursor' is 'encrypted', the recursor is still in clear text... one just moves who can see what you are doing with this.
As with any cryptographic protocol. Same thing with VPNs, SSH and whatever: the remote end can see what you do. What's your point?