Reply to post: Re: Executives are allowed to ignore anything they want because they deserve it.

Google: We're not killing ad blockers. Translation: We made them too powerful, we'll cram this genie back in its bottle

JohnFen Silver badge

Re: Executives are allowed to ignore anything they want because they deserve it.

"How does it cope with hardcoded DoH addresses"

It doesn't, that's why it's an incomplete solution. But, in practice and if you're using Firefox (where you can specify what DoH server it will use), it will cover the majority of lookups. But that only covers the web, and only for lookups made by Firefox itself. It wouldn't cover hardcoded lookups by client-side scripts, for instance.

"And MITMing SSL is almost always a really REALLY bad idea!"

Yeah, I did that reluctantly. I put a lot of thought into it, balancing the pros and cons for my situation, and doing that was the least-bad alternative that I saw. If anyone can come up with a better solution, I'm extremely eager to hear it. I'd love to be able to remove the MITM.

I don't think I'll ever really forgive Mozilla for its energetic support of DoH.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019