TLS security for DNS: Not in Firefox style, please

For the more technical/geeky chat subjects!

Moderator: satrow

LigH1L
Fanatic
Posts: 100
Joined: 2013-02-22, 19:08
Location: NoDSL.de - rural central Germany

TLS security for DNS: Not in Firefox style, please

Post by LigH1L » 2018-08-05, 18:33

A German blogger (known for security audits and notorious for "conspiracy theories"), Fefe, mentioned ways to make DNS more secure and pointed out flaws in the technology which the publisher Heise (c't and iX magazine) proposes and Firefox will support soon (JSON via TLS via Cloudflare, network.trr.mode).
Last edited by LigH1L on 2018-08-05, 18:34, edited 1 time in total.

Moonchild
Pale Moon guru
Posts: 23243
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: TLS security for DNS: Not in Firefox style, please

Post by Moonchild » 2018-08-05, 18:42

This has already been discussed. DNS-over-HTTP(S) (or "D'Oh!" as I call it) is IMHO the wrong approach for untrusted local networks, and specifically requires implicit and explicit trust in the resolver chosen. It may have a use in some corner cases but I don't plan to cater to it.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

LigH1L
Fanatic
Posts: 100
Joined: 2013-02-22, 19:08
Location: NoDSL.de - rural central Germany

Re: TLS security for DNS: Not in Firefox style, please

Post by LigH1L » 2018-08-05, 18:46

Moonchild wrote: DNS-over-HTTP(S) (or "D'Oh!" as I call it) ...
:lol: Perfect reply.
