Video:
The recording of my talk on DNS encryption (2020 update) is now online
@cstrotm After listening to the talk I ask myself if it's really a good idea to involve literally 8 servers in a single DNS request and call that an improvement, considering how many people already fail to deploy proper DNS when it comes to more than just an A record.
Shouldn't we try to make things less, not more, complex? And also things like: why does a device vendor have a say in what DoH resolvers should be used/are trusted?
@cstrotm I mean, I can definitely see why vendors want that, but not necessarily why users want that. Wouldn't that also become an angle for censorship again? As in "To distribute your devices in our country you have to only allow our somehow state-law-compliant DoH Servers as Endpoints"? Or is this somehow technically prevented (which I currently don't see how)?
But mhm, maybe I'm trying to solve a societal problem with tech again :|
@sheogorath
That could be, but it would be visible to everyone looking into the DNS responses from those vendors/services.
We can't prevent state actors from snooping on data, but DoH might make it transparent (which in the case of DNS is not the case today).