From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Should we block DoH by default?
Date: Tue, 03 Mar 2020 15:28:00 +0000
Message-ID: <b2db2fb4-bc45-e84f-c373-133888dc223d@ipfire.org>
In-Reply-To: <83D08EF2-A2BC-4759-9F69-E42BADBDA3C9@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6207584748171224908=="
List-Id: <development.lists.ipfire.org>

--===============6207584748171224908==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello *,

@Sorin-Mihai V=C3=A2rgolici: EHLO, it's nice to see another Postmaster on thi=
s list... :-)

although I basically agree with Michael, Tapani made a point: If we decide to=
 build
something that intents to block DoH in Firefox (what about other browsers, an=
yway?),
the administrator of an IPFire machine should be able to turn it off easily -=
 which
would be something different than the "turn DNSSEC off" switch requested coun=
tless
times by now.

Needless to say, if Mozilla decides not to honour use-application-dns[.]net a=
nymore
- which I expect to happen as some ISPs probably want to continue snooping on=
 their
users DNS traffic -, we are at the very beginning of this battle again.

Besides this canary domain, the links mentioned in https://lists.ipfire.org/p=
ipermail/development/2020-March/007134.html
might be helpful, too, but that would require some sort of deep package inspe=
ction,
which I advise against.

It seems to me like the internet is getting worse all the time, and unfortuna=
tely,
DoH as used by Mozilla does not make it better...

Thanks, and best regards,
Peter M=C3=BCller

--===============6207584748171224908==--