Re: Executives are allowed to ignore anything they want because they deserve it.
"How does it cope with hardcoded DoH addresses?"
It doesn't, that's why it's an incomplete solution. But, in practice and if you're using Firefox (where you can specify what DoH server it will use), it will cover the majority of lookups. But that only covers the web, and only for lookups made by Firefox itself. It wouldn't cover hardcoded lookups by client-side scripts, for instance.
"And MITMing SSL is almost always a really REALLY bad idea!"
Yeah, I did that reluctantly. I put a lot of thought into it, balancing the pros and cons for my situation, and doing that was the least-bad alternative that I saw. If anyone can come up with a better solution, I'm extremely eager to hear it. I'd love to be able to remove the MITM.
I don't think I'll ever really forgive Mozilla for its energetic support of DoH.