TLS security for DNS: Not in Firefox style, please

LigH1L
Fanatic
Posts: 122
Joined: 2013-02-22, 19:08
Location: rural central Germany


Post by LigH1L » 2018-08-05, 18:33

A German blogger (known for security audits and notorious for "conspiracy theories"), Fefe, mentioned ways to make DNS more secure and pointed out flaws in the technology which the publisher Heise (c't and iX magazine) proposes and Firefox will support soon (JSON via TLS via Cloudflare, network.trr.mode).
Last edited by LigH1L on 2018-08-05, 18:34, edited 1 time in total.
Fun and success!

Moonchild
Pale Moon guru
Posts: 35476
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: TLS security for DNS: Not in Firefox style, please

Post by Moonchild » 2018-08-05, 18:42

This has already been discussed. DNS-over-HTTP(S) (or "D'Oh!" as I call it) is IMHO the wrong approach for untrusted local networks, and specifically requires implicit and explicit trust in the resolver chosen. It may have a use in some corner cases but I don't plan to cater to it.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

LigH1L
Fanatic
Posts: 122
Joined: 2013-02-22, 19:08
Location: rural central Germany

Re: TLS security for DNS: Not in Firefox style, please

Post by LigH1L » 2018-08-05, 18:46

Moonchild wrote: DNS-over-HTTP(S) (or "D'Oh!" as I call it) ...
:lol: Perfect reply.
Fun and success!
