On Mon, Jul 15, 2019 at 8:53 PM Rob Sayre <say...@gmail.com> wrote:

> On Mon, Jul 15, 2019 at 8:14 AM Paul Vixie <p...@redbarn.org> wrote:
>
>> On Monday, 15 July 2019 02:17:04 UTC Rob Sayre wrote:
>> > On Sun, Jul 14, 2019 at 6:59 PM Paul Vixie <p...@redbarn.org> wrote:
>> > > ...
>> >
>> > I'm surprised that you seem to view DoH as a problem. I mean, everyone knows
>> > that TLS and IPSEC are compromised by determined attackers, ...
>>
>> if you know a way that modern TLS 1.3 can be compromised by MiTM
>
> I think some parties just ask for the certs, if they can't acquire them
> due to negligence.

The certs are public information, so having the certs isn't useful. Can you
please be clearer about the attack you are describing?

-Ekr

>> , i'd like to
>> know more. a lot of us are moving from MiTM to explicit outbound proxy with an
>> internally trusted key in order to fulfill our corporate or regulatory
>> obligations.
>>
>> > but I didn't know
>> > it was a continued sore spot. If you have more to say, I would like to hear
>> > it.
>>
>> the introduction of the DoH RFC explains that this protocol is designed to
>> prevent interference by on-path actors in dns operations. i am a committed,
>> determined on-path interferer, both for parental controls at home and
>> corporate controls at $dayjob.
>
> This response is disappointing to me, but I have to congratulate its
> directness.
>
> thanks,
> Rob
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop