Ted Lemon wrote: ....
I think HTTPS was pretty hostile to local network policy. Indeed, there was a big argument about that in the TLS working group over the past few IETFs. If you don't want people to use DoH, there's an easy solution, which you already need to use regardless: you have to MiTM their HTTPS traffic. If you don't agree that you have to MiTM their HTTPS traffic to achieve what you want, then I think we are not arguing about the same thing.
It used to be occasionally necessary. With DoH it will be universally necessary. This will add complexity (so, cost and error rate) and increase surveillance. The DoH people should be told not to proceed to Draft Standard until their design accommodates the needs of network operators.
-- P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop