Ted Lemon wrote on 2019-02-12 14:08:
> On Feb 12, 2019, at 1:48 PM, Paul Vixie <[email protected]> wrote:
>> DoH _specifically_ evades this, by looking as much as possible like
>> other traffic to IP addresses shared by a lot of existing traffic.
> Right. So what’s to stop other malicious traffic from doing the same
> thing?
lack of an IETF-approved standard with planned implementation by a half
dozen tech giants means that other malicious traffic will not be able
to hide in the crowd, and can be made subject to policy, and complaints.
> IOW, you seem to want DoH to go away, but will that actually solve your
> problem? If so, how?

i want DoT to be used instead, and backed by google, mozilla,
cloudflare, and the others. i want malicious traffic to stand apart from
the crowd, where affordable anomaly detection can see it and cope with
it. security economics is a "long game." DoH is a giant step function.
--
P Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop