unixsheikh | 5 years ago

Yeah, let's start feeding our mail, ftp, ntp, and everything else over HTTPS as well now we're at it!

DoH is DNS done completely wrong. It's the worst patch solution to a problem that should have been solved correctly long ago!

danShumway|5 years ago

> Yeah, let's start feeding our mail, ftp, ntp, and everything else over HTTPS as well now we're at it!

...yes?

Holy crud, this is practically the most basic principle in security. If you don't want somebody to read it, encrypt it. This is exactly why we don't use email, unencrypted ftp, or SMS for anything that needs security or privacy. Don't send important information over plaintext!!

unixsheikh|5 years ago

I think you misunderstand. Of course everything needs to be encrypted. However, feeding everything through HTTPS is WRONG! This is basic computer and network engineering. If you want to encrypt DNS, fine, encrypt DNS, but flipping leave the HTTPS protocol out of it!

Furthermore, the destination IP address is ALWAYS in clear text when you use HTTPS. Which demonstrates exactly why this is so wrong.

DoH - is fake privacy, it's nothing more than extra sugar on Cloudflare's spying cake - and more funding for Mozilla.

Wake up.