Re: [Doh] Request for the DOH WG to adopt draft-hoffman-resolver-associated-doh

["Ralf Weber" <dns@fl1ger.de>]

Moin!

On 23 Jan 2019, at 8:25, Daniel Stenberg wrote:

> For me, one of the key elements and features with DoH is that I as a 
> user have picked a DNS provider I decide to trust.
That is a decision maybe you or me can take as an informed user with 
knowledge of how networks work. Most users and I’m using all of my 
wider family that I support technically as an example could not make 
such a decision. Sure they could click somewhere like they clicked 
ignore cert or enhance your computer multiple times which lead to tons 
of work on my side. This is why I’d like only informed users to make 
that change and let the ISP or network admin running DNS enhance their 
security by pointing them to DoH server.

> Be it a global CDN provider or my own cloud instance.
Well if you run your own DNS instance you soon find out that your Web 
performance especially video is bad, when you are not near your DNS 
server, as none of the big CDN companies will look at the client subnet 
extension you send.

> Any other way, with the ISP or my local network admins telling me what 
> server to use, is a major setback in my view.
>
> All forms of opportunistic DoH will make it no better than 
> opportunistic DoT, which ultimately will fail to protect my privacy.
Well you can protect your privacy today by manually changing you DNS/DoH 
provider already. So the use case described in here is not for you, but 
instead for those that can not make these informed changes.

So long
-Ralf
—--
Ralf Weber