Reply to post: Re: Perplexed

Internet imbeciles, aka British ISP lobbyists, backtrack on dubbing Mozilla a villain for DNS-over-HTTPS support

Graham Cobb

Re: Perplexed

There is value in hiding name translation. Many different sites are hosted on the same IP address (small sites use shared hosting servers, large sites use Cloudflare and others).

So, if your lookup for "badsite.childporn" (has that TLD been sold yet?) returns 1.2.3.4, that doesn't necessarily allow anyone to work out what site you were visiting as that address may also be hosting "puppies.lovely".

Note: this is only half the problem. Currently the TLS protocol used for https: traffic sends the server name in cleartext anyway! There is a new feature called "Encrypted SNI" to encrypt that. There is a good blog post explaining it on the Cloudflare site.

So, DOH is half the answer, ESNI is the other half.

Biting the hand that feeds IT © 1998–2019