On Wed, 15 Apr 2020 07:49:28 -0400
Greg Wooledge wrote:
> On Tue, Apr 14, 2020 at 07:12:47PM -0400, Lee wrote:
> > On 4/14/20, Greg Wooledge wrote:
> > > Accessing the mirrors via https makes the packages un-cacheable, which
> > > makes the traffic volume significantly greater -- and the package
On Wed 15 Apr 2020 at 07:49:28 (-0400), Greg Wooledge wrote:
> On Tue, Apr 14, 2020 at 07:12:47PM -0400, Lee wrote:
> > On 4/14/20, Greg Wooledge wrote:
> > > Accessing the mirrors via https makes the packages un-cacheable, which
> > > makes the traffic volume significantly greater -- and the pack
On Tue, Apr 14, 2020 at 07:12:47PM -0400, Lee wrote:
> On 4/14/20, Greg Wooledge wrote:
> > Accessing the mirrors via https makes the packages un-cacheable, which
> > makes the traffic volume significantly greater -- and the package lists
> > are already signed, so there's no gain in trustworthine
On 4/14/20, Greg Wooledge wrote:
> On Mon, Apr 13, 2020 at 07:03:12PM -0400, Lee wrote:
>> dnssec just adds a cryptographic signature to the data -- everything
>> is still done "in the clear" (like Debian updates. or has buster
>> switched to using https for downloading updates?)
>
> The apt-tran
On Tue, 14 Apr 2020 05:45:45 -0400
Lee wrote:
> On 4/13/20, Celejar wrote:
> > On Mon, 13 Apr 2020 08:47:22 +0300
> > Reco wrote:
> >
> >>Hi.
> >>
> >> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
> >
> > ...
> >
> >> > I just did a quick search and couldn't find anything for smart T
On Tue, 14 Apr 20, 07:32:58, Greg Wooledge wrote:
> On Mon, Apr 13, 2020 at 07:03:12PM -0400, Lee wrote:
> > dnssec just adds a cryptographic signature to the data -- everything
> > is still done "in the clear" (like Debian updates. or has buster
> > switched to using https for downloading updates?
On Tue, Apr 14, 2020 at 07:06:05AM -0400, Lee wrote:
> >> Right. The ISP can't see what names the user is looking up but
> >> Cloudflare sees every single one. On the other hand, take a look at
> >> https://wiki.mozilla.org/Security/DOH-resolver-policy
> >
> > An interesting declaration. For in
On Tue, Apr 14, 2020 at 01:48:24PM +0200, n...@dismail.de wrote:
> On Tue, Apr 14, 2020 at 07:06:05 -0400, Lee wrote:
> > Is there some other DNS provider that has a published privacy policy?
> > That's anywhere near as good as CloudFlare's?
> >
> > To be clear - I'm not saying you should trust
On Tue, Apr 14, 2020 at 07:06:05 -0400, Lee wrote:
> Is there some other DNS provider that has a published privacy policy?
> That's anywhere near as good as CloudFlare's?
>
> To be clear - I'm not saying you should trust CloudFlare. It's just
> that I don't see a whole lot of options & quite po
On Mon, Apr 13, 2020 at 07:03:12PM -0400, Lee wrote:
> dnssec just adds a cryptographic signature to the data -- everything
> is still done "in the clear" (like Debian updates. or has buster
> switched to using https for downloading updates?)
The apt-transport-https package is available, but is n
On 4/14/20, Reco wrote:
> Hi.
Hi
> On Mon, Apr 13, 2020 at 06:42:10PM -0400, Lee wrote:
>> On 4/13/20, Reco wrote:
>> > On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
>> >> > The questionable idea behind DOH is that the browser makers do not
>> >> > trust
>> >> > your local resolver.
On 4/13/20, Celejar wrote:
> On Mon, 13 Apr 2020 08:47:22 +0300
> Reco wrote:
>
>> Hi.
>>
>> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
>
> ...
>
>> > I just did a quick search and couldn't find anything for smart TVs
>> > using DOH.
>>
>> Probably because they aren't there yet. A t
On Mon, Apr 13, 2020 at 07:03:12PM -0400, Lee wrote:
> On 4/13/20, tomas wrote:
> > On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
[...]
> Agreed. But how many home users have a local sys admin? That knows
> how to configure the local resolver?
>
> OK .. on this list, probably most. But
Hi.
On Mon, Apr 13, 2020 at 06:42:10PM -0400, Lee wrote:
> On 4/13/20, Reco wrote:
> > On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
> >> > The questionable idea behind DOH is that the browser makers do not
> >> > trust
> >> > your local resolver.
> >>
> >> Mozilla claims it's a pr
On Mon, 13 Apr 2020 08:47:22 +0300
Reco wrote:
> Hi.
>
> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
...
> > I just did a quick search and couldn't find anything for smart TVs
> > using DOH.
>
> Probably because they aren't there yet. A typical smart TV is based on
> the Androi
On 4/13/20, tomas wrote:
> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
>
> [...]
>
>> Mozilla claims it's a privacy issue:
>> https://support.mozilla.org/en-US/kb/firefox-dns-over-https
>> Benefits
>
> Yes, sure [1], but *not in each and every friggin' application*.
I prefer apps that d
On 4/13/20, Reco wrote:
> Hi.
Hi
> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
>> > The questionable idea behind DOH is that the browser makers do not
>> > trust
>> > your local resolver.
>>
>> Mozilla claims it's a privacy issue:
>> https://support.mozilla.org/en-US/kb/firefox-dn
On Mon, 13 Apr, 2020 at 16:19:55 +0300, Reco wrote:
> On Mon, Apr 13, 2020 at 12:14:44PM +0100, Liam O'Toole wrote:
> > On Mon, 13 Apr, 2020 at 12:57:54 +0300, Reco wrote:
> > > Hi.
> > >
> > > On Mon, Apr 13, 2020 at 11:16:02AM +0300, Andrei POPESCU wrote:
> >
> > [...]
> >
> > > > Whether Do
On Mon, Apr 13, 2020 at 12:14:44PM +0100, Liam O'Toole wrote:
> On Mon, 13 Apr, 2020 at 12:57:54 +0300, Reco wrote:
> > Hi.
> >
> > On Mon, Apr 13, 2020 at 11:16:02AM +0300, Andrei POPESCU wrote:
>
> [...]
>
> > > Whether DoH or DNS-over-TLS, you have to trust the DNS server.
> >
> > Yup. T
On Mon, 13 Apr, 2020 at 12:57:54 +0300, Reco wrote:
> Hi.
>
> On Mon, Apr 13, 2020 at 11:16:02AM +0300, Andrei POPESCU wrote:
[...]
> > Whether DoH or DNS-over-TLS, you have to trust the DNS server.
>
> Yup. That's why I have my own, and every Debian user can have their own
> too, using o
On Mon, Apr 13, 2020 at 12:57:54PM +0300, Reco wrote:
> Hi.
>
> On Mon, Apr 13, 2020 at 11:16:02AM +0300, Andrei POPESCU wrote:
[...]
> Yup. That's why I have my own, and every Debian user can have their own
> too, using only free software.
...and that is why I want the apps on my box to
Hi.
On Mon, Apr 13, 2020 at 11:16:02AM +0300, Andrei POPESCU wrote:
> On Mon, 13 Apr 20, 08:47:22, Reco wrote:
> > On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
> >
> > > How many people use a dnssec validating resolver?
> >
> > See above. Besides, DNSSEC is for integrity of zones,
On Mon, 13 Apr 20, 08:47:22, Reco wrote:
> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
>
> > How many people use a dnssec validating resolver?
>
> See above. Besides, DNSSEC is for integrity of zones, not privacy.
> You need DNS-over-TLS if you need last one.
>
>
> > At least Cloudflare
On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
[...]
> Mozilla claims it's a privacy issue:
> https://support.mozilla.org/en-US/kb/firefox-dns-over-https
> Benefits
Yes, sure [1], but *not in each and every friggin' application*.
It'd be OK for the local DNS caching resolver to forward
Hi.
On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
> > The questionable idea behind DOH is that the browser makers do not trust
> > your local resolver.
>
> Mozilla claims it's a privacy issue:
> https://support.mozilla.org/en-US/kb/firefox-dns-over-https
It's a privacy issue along
On 4/12/20, Reco wrote:
> On Sun, Apr 12, 2020 at 12:35:44PM +0200, to...@tuxteam.de wrote:
>> On Sun, Apr 12, 2020 at 01:21:08PM +0300, Reco wrote:
>> > On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote:
>> > > That's why I cringe at the idea that browsers want to start doing
>> >
On Sunday 12 April 2020 09:39:09 to...@tuxteam.de wrote:
> On Sun, Apr 12, 2020 at 07:33:51AM -0400, Gene Heskett wrote:
>
> [...]
>
> > I don't either, but at some point in an https environment, it seems
> > to me that a dns lookup is going to have to be translated into a
> > plain dns lookup.
>
On Sun, Apr 12, 2020 at 01:34:07PM +0100, Tixy wrote:
> On Sun, 2020-04-12 at 13:21 +0300, Reco wrote:
> > On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote:
> > > That's why I cringe at the idea that browsers want to start doing
> > > name resolution over HTTPS.
> >
> > This simple
On Sun, Apr 12, 2020 at 07:33:51AM -0400, Gene Heskett wrote:
[...]
> I don't either, but at some point in an https environment, it seems to me
> that a dns lookup is going to have to be translated into a plain dns
> lookup.
No, that's not how it works. When the browser wants to resolve a
name
On Sun, Apr 12, 2020 at 02:03:55PM +0300, Reco wrote:
> On Sun, Apr 12, 2020 at 12:35:44PM +0200, to...@tuxteam.de wrote:
[...]
> > [1] That's not a rhetorical flourish, it's genuine. I know too
> > little about DNS-over-HTTP to be of any use at this point.
>
> The questionable idea behind D
On Sun, 2020-04-12 at 13:21 +0300, Reco wrote:
> On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote:
> > That's why I cringe at the idea that browsers want to start doing
> > name resolution over HTTPS.
>
> This simple one line of dnsmasq configuration will disable this
> problematic
On Sunday 12 April 2020 06:35:44 to...@tuxteam.de wrote:
> On Sun, Apr 12, 2020 at 01:21:08PM +0300, Reco wrote:
> > On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote:
> > > That's why I cringe at the idea that browsers want to start doing
> > > name resolution over HTTPS.
> >
> > T
On Sun, Apr 12, 2020 at 12:35:44PM +0200, to...@tuxteam.de wrote:
> On Sun, Apr 12, 2020 at 01:21:08PM +0300, Reco wrote:
> > On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote:
> > > That's why I cringe at the idea that browsers want to start doing
> > > name resolution over HTTPS.
>
On Sun, Apr 12, 2020 at 01:21:08PM +0300, Reco wrote:
> On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote:
> > That's why I cringe at the idea that browsers want to start doing
> > name resolution over HTTPS.
>
> This simple one line of dnsmasq configuration will disable this
> prob
On Sun, Apr 12, 2020 at 12:10:45PM +0200, to...@tuxteam.de wrote:
> That's why I cringe at the idea that browsers want to start doing
> name resolution over HTTPS.
This simple one line of dnsmasq configuration will disable this
problematic feature for good for Firefox (basically it creates a bogus
35 matches