The recording of my talk on DNS encryption (2020 update) is now online
>> And also things like why does a device vendor have a say in what DoH resolvers should be used/are trusted? <<
That is not a feature of the protocol, but of the modern (commercial) operating systems.
Linux/BSD might use this as well to securely resolve the addresses and configuration data about their package repositories.
I see nothing wrong with that.
@cstrotm I mean, I can definitely see why vendors want that, but not necessarily why users want that. Wouldn't that also become an angle for censorship again? As in "To distribute your devices in our country you have to only allow our somehow state-law-compliant DoH Servers as Endpoints"? Or is this somehow technically prevented (which I currently don't see how)?
But mhm, maybe I'm trying to solve a society problem with tech again :|
That could be, but it would be visible to everyone looking into the DNS responses from those vendors/services.
We can't prevent state actors snooping on data, but DoH might make it transparent (which in the case of DNS is not the case today).