> On Mar 12, 2019, at 5:52 PM, Michael Sinatra <mich...@brokendns.net> wrote: > > [1] As an example, I am personally and practically opposed to inline TLS > decryption in most enterprises. DoH gives further ammo for security > folks to insist on inline TLS decryption, IMO. DoT, not as much, since > the protocol can be easily identified on the wire and any necessary > actions taken. Manipulating DoT transactions is a far cry from > manipulating/decrypting all TLS...
My impression is there are people who will not be satisfied until all traffic looks identical and you have zero way to protect your home, enterprise or similar. (The lack of protection is a side-effect, not a design criteria of making it harder to detect variation in endpoint behavior) I don’t support efforts to offer standards that make everything look the same when they are not the same. Next someone is going to show up in IDR saying how we must TLS all the routing data because reasons. - Jared _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
