@uuim It's the browser's decision, and Mozilla is partnering with Cloudflare. I don't understand. Google is using its own DoH servers, and I haven't figured out what Apple is using yet.
While I understand Google, I don't understand Mozilla. Instead of having DNS recorded at the ISP level, it is now centralized on Cloudflare.
DoT is perfectly fine because it has its own port. But DoH... we have enough protocols on port 443 already. Or is this now going to be that one unblockable port for everything?
Maybe the new hacker's home must include a CA and an outgoing MITM proxy to carve malicious (outgoing) requests out. But this disables all IoT devices that a) verify certificates, b) use HTTPS, and c) cannot be taught to trust an in-house CA (that would be all of them).
When I started my career it was a major offense to tunnel/work around the company firewall. Meanwhile, firewalls are useless because tunneling over SSL/443 is the de facto standard.
Is this not a major headache for network people? I'm missing a major outcry here. But maybe it's me not understanding the situation... or network people have given up.
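The point made above, that DoT sits on its own port while DoH shares 443 with all other HTTPS traffic, can be seen concretely by building the DoH request itself. The following Python is an added example, not code from the commenter or from any browser or resolver project: it encodes a DNS A lookup as an RFC 8484 DoH GET URL and POST body, and runs a few constructed flows through a port-and-SNI firewall rule. Nothing is sent on the network; the resolver hostnames, the known-resolver set and the sample flows are constructed for illustration, and the `firewall_verdict` policy is an assumption about what a perimeter box can enforce without a MITM CA.

```python
"""Added example, not part of the original comment: encode a DNS lookup as an
RFC 8484 DoH request and run a few flows through a port-based firewall rule to
show why DoT (own port, 853) is easy to block while DoH rides on 443 next to
ordinary HTTPS. Nothing is sent on the network; resolver names are constructed
sample data."""
import base64
import struct
from typing import FrozenSet, Optional
from urllib.parse import urlencode

DOT_PORT = 853      # DNS over TLS, RFC 7858
HTTPS_PORT = 443    # DNS over HTTPS shares this with every other HTTPS service


def build_dns_query(name: str, qtype: int = 1, txn_id: int = 0) -> bytes:
    """Minimal RFC 1035 wire-format query: 12-byte header plus one question.
    RFC 8484 suggests a zero transaction ID so identical queries yield
    identical URLs and can be cached by ordinary HTTP caches."""
    # flags 0x0100 = recursion desired; QDCOUNT 1; AN/NS/AR counts 0
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def parse_qname(query: bytes) -> str:
    """Decode the question name back out of a wire-format query (no compression
    pointers, which a freshly built query never contains)."""
    labels, offset = [], 12
    while query[offset] != 0:
        length = query[offset]
        labels.append(query[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels)


def doh_get_url(resolver_host: str, query: bytes) -> str:
    """RFC 8484 GET form: the wire message, base64url-encoded with padding
    stripped, in the `dns` query parameter of a normal HTTPS URL."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"https://{resolver_host}/dns-query?" + urlencode({"dns": encoded})


def doh_post_request(resolver_host: str, query: bytes) -> bytes:
    """RFC 8484 POST form as it would appear inside the TLS session: a plain
    HTTP request whose only DoH tell-tale is the content type."""
    headers = (
        f"POST /dns-query HTTP/1.1\r\n"
        f"Host: {resolver_host}\r\n"
        f"Accept: application/dns-message\r\n"
        f"Content-Type: application/dns-message\r\n"
        f"Content-Length: {len(query)}\r\n\r\n"
    )
    return headers.encode("ascii") + query


def firewall_verdict(dst_port: int, sni: Optional[str],
                     known_doh: FrozenSet[str]) -> str:
    """Assumed policy a perimeter firewall can enforce without a MITM CA:
    block DoT by port; on 443 fall back to the TLS SNI, which only works while
    the ClientHello still carries the hostname in the clear."""
    if dst_port == DOT_PORT:
        return "blocked: DoT has its own port"
    if dst_port == HTTPS_PORT:
        if sni is not None and sni in known_doh:
            return "blocked: SNI matches a known DoH resolver"
        return "allowed: looks like ordinary HTTPS"
    return "allowed"


if __name__ == "__main__":
    # Constructed sample flows; the resolver set is illustrative, not a real block list.
    known = frozenset({"cloudflare-dns.com", "dns.google"})
    q = build_dns_query("www.example.com")
    print(doh_get_url("cloudflare-dns.com", q))
    for port, sni in [(853, None), (443, "cloudflare-dns.com"), (443, "www.example.com")]:
        print(port, sni, "->", firewall_verdict(port, sni, known))
```

Run as a script it prints the DoH URL for `www.example.com` and the verdict for each constructed flow. The DoT flow is stopped by port alone; the two 443 flows differ only by SNI, which is the last unencrypted metadata a port-based filter can use, and a client that omits or hides it leaves nothing to match without terminating TLS in-house.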