> On Mar 12, 2019, at 5:52 PM, Michael Sinatra <mich...@brokendns.net> wrote:
> 
> [1] As an example, I am personally and practically opposed to inline TLS
> decryption in most enterprises.  DoH gives further ammo for security
> folks to insist on inline TLS decryption, IMO.  DoT, not as much, since
> the protocol can be easily identified on the wire and any necessary
> actions taken.  Manipulating DoT transactions is a far cry from
> manipulating/decrypting all TLS...

My impression is there are people who will not be satisfied until all
traffic looks identical and you have zero way to protect your home,
enterprise or similar.  (The lack of protection is a side-effect, not a
design criteria of making it harder to detect variation in endpoint
behavior)

I don’t support efforts to offer standards that make everything look the
same when they are not the same.

Next someone is going to show up in IDR saying how we must TLS all the
routing data because reasons.

- Jared
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
