From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bernhard Bitsch <Bernhard.Bitsch@gmx.de>
To: development@lists.ipfire.org
Subject: Aw: Re: Should we block DoH by default?
Date: Tue, 03 Mar 2020 14:58:20 +0100
Message-ID:
 <trinity-2fe2ee85-83a3-48d4-87ba-13b6f7b290d9-1583243900256@3c-app-gmx-bap45>
In-Reply-To: <20200303131550.GE31441@tehanu.it.jyu.fi>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1930605584980518914=="
List-Id: <development.lists.ipfire.org>

--===============1930605584980518914==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable



> Gesendet: Dienstag, 03. M=C3=A4rz 2020 um 14:15 Uhr
> Von: "Tapani Tarvainen" <ipfire(a)tapanitarvainen.fi>
> An: development(a)lists.ipfire.org
> Betreff: Re: Should we block DoH by default?
>
> On Mar 03 11:47, Michael Tremer (michael.tremer(a)ipfire.org) wrote:
>=20
> > I do not want DoH. I do not like it.=20
>=20
> I want it and I like it and I think it will come anyway.
>=20

Maybe it comes anyway. Just as Google devices want to do DNS resolving on 8.8=
.8.8, without looking at the rules defined by DHCP etc.
Nevertheless this is no reason to allow it. In most countries vigilantism is =
not allowed, even when weapons are spread very widely in the society.

> > We could consider always blocking this domain and always return NXDOMAIN =
or something else that falls into the =E2=80=9Cnegative=E2=80=9D category.
> >=20
> > That way we can guarantee (at least for now) that Firefox users will stil=
l use the IPFire resolver.
> >=20
> > Would anybody be against this?
>=20
> I would. I don't want to be *forced* to use IpFire resolver.
>

But one task of an internet appliance like IPFire is just to force such local=
 rules.
=20
> If you something like that, at the very least it should be an option
> that can easily be turned off.
>=20

This is one aspect. On the other side such a feature like DoH should be turne=
d on "silently".

---
Bernhard

> --=20
> Tapani Tarvainen
>

--===============1930605584980518914==--