On Sun, Oct 18, 2020 at 02:40:17PM -0700, Jordan Geoghegan wrote:

> [..] As I see it, it's just a couple TLS
> handshakes which look identical to DNS over HTTPS traffic (which use the
> ubiquitous port 443).

Heh, that is kinda funny. If you haven't disabled DNS over HTTPS network wide you certainly will not care about this information disclosure. I am very glad that the Mozilla folks made this easy to do with DNS tricks (so I could do it even for remote networks w/o a site visit or using remote hands on every Windows machine).

> Unless there's something I'm missing (or that the
> paranoiacs failed to address) I'm pretty sure this is one of the only viable
> solutions for combating the chicken and egg clock problem TODAY.

This thread had several (from my POV) better ones already, but they all have the downside of needing local setup / configuration. Which I don't consider a big deal (or even a plus). However, it is totally fine to behave like you described for all users unable to provide the needed services locally or who consciously choose not to, as long as the rope is provided to override things and go with a better (according to local metrics, for the local setup) solution.

Martin
