On 06/11/2019 18:56, Michael Catanzaro wrote:
> On Wed, Nov 6, 2019 at 4:54 pm, David Sommerseth <dazo@xxxxxxxxxxxx> wrote:
>> Yes, TLSv1.3 with encrypted SNI will help to some degree, but still the IP
>> addresses you connect to will still provide metadata which can be used to
>> profile you and give an indication of what kind of sites you visit.
>
> Well that's the whole point right there. In combination with ESNI, it's no
> longer possible to tell which domain you are visiting on a particular vhost.
> It's not perfect, but that's still tremendously better than nothing. It is why
> Mozilla and EFF are strongly promoting DoH.
>

Please just watch the talk by Paul Vixie (who is one of the really big DNS
gurus these days, even ISC BIND maintainer for quite some years). And you will
see that DoH is pointless when you have DoT. But DoT can also go much further
than DoH will, when you consider the bigger part of the DNS query chain.

Plus, ignoring the local network's DNS also has its own set of challenges when
being added directly to browsers. Like hostnames only available inside a local
network will no longer be available.

But again, watch the talk, these points are well covered there.

--
kind regards,

David Sommerseth