On 12/23/19 10:04 AM, Giles Orr via talk wrote:
> Firefox now makes available DNS-over-HTTPS. I'm a big fan of security
> and privacy, but I'm struggling to see the gains here: we stop some
> hypothetical observer from finding out what domain name we're querying
> ... and then immediately turn around and ask that domain for a web
> page. You hid the destination in your first query ... only to
> immediately expose it with your next query.

That assumes a 1:1 relationship between the IP address and the domain
name searched.
Web servers now support the ability to have multiple domains appear on
a single IP even with HTTPS.
So if you're using a proxy service like Cloudflare then it may be very
difficult to know exactly what domain the request is going to.

> I admit I'm thinking of our hypothetical advisor being at the ISP:
> they'll see both types of queries anyway. I suppose the argument can
> be made that an observer on the path to the DNS but not at the ISP has
> been stymied, but this seems ... lower value. Still, is that
> primarily what this will stop?

This will also make it harder for people who are on your wifi link to
snoop on what you're trying to connect to.
Still, any security enhancement is a security enhancement and makes it
harder for others to steal your information, and generally that is a
good thing.
--
Alvin Starr || land: (647)478-6285
Netvel Inc. || Cell: (416)806-0133
[email protected] ||