On 2019-10-01 10:08, Stephane Bortzmeyer wrote:
On Tue, Oct 01, 2019 at 09:55:54AM +0200, Jeroen Massar <jeroen@massar.ch> wrote a message of 26 lines which said:
(Because this canary domain contradicts DoH's goals, by allowing the very party you don't trust to remotely disable security.)
The goal is centralization of DNS
Hmmm, no, read RFC 8484 (section 1).
Correct: for the DoH protocol it is not that goal, there it solely is "encryption". But DoT already solves that. For the implementation though of DoH (what most people have a problem with), the sole goal is centralization and moving the information collection from the ISP to single entities that are already collection so much data, this just gives them more and for properties they do not even operate.
While the 'connection to the recursor' is 'encrypted', the recursor is still in clear text... one just moves who can see what you are doing with this.
As with any cryptographic protocol. Same thing with VPNs, SSH and whatever: the remote end can see what you do. What's your point?
The point is that the claimed goal (for the deployment) is that it gives users 'privacy', but in the end that 'privacy' just moves from the ISP that the user pays to an unrelated company that wants to see it all... False advertising anyone? Greets, Jeroen