@jpmens Very poor article (as always with McCarthy, the form trumps the content). 1) It never mentions the possibility of other DoH resolvers, outside of Cloudflare. 2) It never mentions that DoH to the ISP resolver is pointless since the problem is precisely the ISP's resolver behaviour.
@x_cli @jpmens Yes, the default is very important (most users won't change it or wouldn't even dare to think about it). That's why the default must be towards security. If the ISP were to pledge solemnly to follow the principles of network neutrality and privacy, they would have a right to complain. But they don't. Quite the opposite.
Also, yes, the default choice is very important but most anti-DoH texts lie by claiming that Mozilla forces the use of Cloudflare. This is simply not true.
@bortzmeyer @jpmens Most sound people complain about the Mozilla-Cloudflare partnership. Not about DoH itself, although there is a bit to say about it as a protocol as well.
I, for one, have no problem with Chrome's strategy for DoH implementation and deployment. But I am a fierce opponent of Mozilla's strategy.
"As a side-note: we already deny RFC1918-addresses from DNS-over-HTTPS responses so in that regard, using TRR will save you from these DNS attacks!"
So, I was wrong. DoH-to-Cloudflare-by-default is not an issue, as far as DNS rebinding is concerned. Sorry 😶😥