> -----Original Message-----
> From: Eliot Lear <l...@cisco.com>
> Sent: Monday, March 11, 2019 11:49 PM
> To: Paul Vixie <p...@redbarn.org>
> Cc: nalini elkins <nalini.elk...@e-dco.com>; Konda, Tirumaleswar Reddy
> <tirumaleswarreddy_ko...@mcafee.com>; d...@ietf.org; dnsop@ietf.org;
> Ackermann, Michael <mackerm...@bcbsm.com>; Christian Huitema
> <huit...@huitema.net>; dns-priv...@ietf.org; Vittorio Bertola
> <vittorio.bertola=40open-xchange....@dmarc.ietf.org>; Stephen Farrell
> <stephen.farr...@cs.tcd.ie>
> Subject: Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients
>
> Hi Paul,
>
> > On 11 Mar 2019, at 19:12, Paul Vixie <p...@redbarn.org> wrote:
> >
> > nalini elkins wrote on 2019-03-11 10:26:
> >> Tiru,
> >> Thanks for your comments.
> >> > Enterprise networks are already able to block DoH services,
> >
> > i wonder if everyone here knows that TLS 1.3 and encrypted headers is
> > going to push a SOCKS agenda onto enterprises that had not previously
> > needed one, and that simply blocking every external endpoint known or
> > tested to support DoH will be the cheaper alternative, even if that makes
> > millions of other endpoints at google, cloudflare, cisco, and ibm unreachable
> > as a side effect?
>
> That or it will require a bit more management at the MDM level. I’m hoping
> the latter. And I hope that one output of all of these documents will be a
> recommendation regarding MDM interfaces.

I don't think MDM is required to use the DoT/DoH servers provided by the local network.

-Tiru

>
> Eliot
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop