> -----Original Message-----
> From: Eliot Lear <l...@cisco.com>
> Sent: Monday, March 11, 2019 11:49 PM
> To: Paul Vixie <p...@redbarn.org>
> Cc: nalini elkins <nalini.elk...@e-dco.com>; Konda, Tirumaleswar Reddy
> <tirumaleswarreddy_ko...@mcafee.com>; d...@ietf.org; dnsop@ietf.org;
> Ackermann, Michael <mackerm...@bcbsm.com>; Christian Huitema
> <huit...@huitema.net>; dns-priv...@ietf.org; Vittorio Bertola
> <vittorio.bertola=40open-xchange....@dmarc.ietf.org>; Stephen Farrell
> <stephen.farr...@cs.tcd.ie>
> Subject: Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients
> 
> Hi Paul,
> 
> > On 11 Mar 2019, at 19:12, Paul Vixie <p...@redbarn.org> wrote:
> >
> >
> >
> > nalini elkins wrote on 2019-03-11 10:26:
> >> Tiru,
> >> Thanks for your comments.
> >> > Enterprise networks are already able to block DoH services,
> > i wonder if everyone here knows that TLS 1.3 and encrypted headers is
> going to push a SOCKS agenda onto enterprises that had not previously
> needed one, and that simply blocking every external endpoint known or
> tested to support DoH will be the cheaper alternative, even if that makes
> millions of other endpoints at google, cloudflare, cisco, and ibm unreachable
> as a side effect?
> 
> That or it will require a bit more management at the MDM level.  I’m hoping
> the latter.  And I hope that one output of all of these documents will be a
> recommendation regarding MDM interfaces.

I don't think MDM is required to use the DoT/DoH servers provided by the local 
network.

-Tiru

> 
> Eliot
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to