TLS security for DNS: Not in Firefox style, please

For the more technical/geeky chat subjects!

Moderator: satrow

LigH1L
Moon lover
Moon lover
Posts: 91
Joined: Fri, 22 Feb 2013, 19:08
Location: NoDSL.de - rural central Germany

TLS security for DNS: Not in Firefox style, please

Unread postby LigH1L » Sun, 05 Aug 2018, 18:33

A German blogger (known for security audits and notorious for "conspiracy theories"), Fefe, mentioned ways to make DNS more secure and pointed out flaws in the technology which the publisher Heise (c't and iX magazine) proposes and Firefox will support soon (JSON via TLS via Cloudflare, network.trr.mode).
Last edited by LigH1L on Sun, 05 Aug 2018, 18:34, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22273
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: TLS security for DNS: Not in Firefox style, please

Unread postby Moonchild » Sun, 05 Aug 2018, 18:42

This has already been discussed. DNS-over-HTTP(S) (or "D'Oh!" as I call it) is IMHO the wrong approach for untrusted local networks, and specifically requires implicit and explicit trust in the resolver chosen. It may have a use in some corners cases but I don't plan to cater to it.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

LigH1L
Moon lover
Moon lover
Posts: 91
Joined: Fri, 22 Feb 2013, 19:08
Location: NoDSL.de - rural central Germany

Re: TLS security for DNS: Not in Firefox style, please

Unread postby LigH1L » Sun, 05 Aug 2018, 18:46

Moonchild wrote:DNS-over-HTTP(S) (or "D'Oh!" as I call it) ...


:lol: Perfect reply.


Return to “Technical chat”

Who is online

Users browsing this forum: No registered users and 3 guests