On Mon, Jul 15, 2019 at 8:14 AM Paul Vixie <p...@redbarn.org> wrote:

> On Monday, 15 July 2019 02:17:04 UTC Rob Sayre wrote:
> > On Sun, Jul 14, 2019 at 6:59 PM Paul Vixie <p...@redbarn.org> wrote:
> > > ...
> >
> > I'm surprised that you seem to view DoH as a problem. I mean, everyone knows
> > that TLS and IPSEC are compromised by determined attackers, ...
>
> if you know a way that modern TLS 1.3 can be compromised by MiTM

I think some parties just ask for the certs, if they can't acquire them due to negligence.

> , i'd like to
> know more. a lot of us are moving from MiTM to explicit outbound proxy with an
> internally trusted key in order to fulfill our corporate or regulatory
> obligations.
>
> > but I didn't know
> > it was a continued sore spot. If you have more to say, I would like to hear
> > it.
>
> the introduction of the DoH RFC explains that this protocol is designed to
> prevent interference by on-path actors in dns operations. i am a committed,
> determined on-path interferer, both for parental controls at home and
> corporate controls at $dayjob.

This response is disappointing to me, but I have to congratulate its directness.

thanks,
Rob

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop