DoH or DoT
DNS over HTTPS or DNS over TLS
I had hoped by now I would have a clear idea of which standard I prefer.
Both seem to have slight advantages over the other, but it seems to come down to privacy as the big difference.
On the one hand I understand network admins need to be aware of what data is flowing through their systems, but then why bother to use encrypted DNS if it does not provide privacy?
Being actually private does not allow for slightly private or somewhat private.
It is either private and secure or it is not.
That seems like being almost or slightly pregnant. You either are or you are not, there are no shades of grey.
The Register gives a good explanation of the current argument and the pros and cons of both.
Basing my response purely on the last part of that article:
So which are you? Someone ready to accept that the internet is dominated by a small number of big players in order to improve everyone's privacy; or someone who thinks that the internet has to be retained as a network that can go any direction it needs to and must be able to defy anyone else's efforts to control it?
I think it's important to keep the internet as what it is - an interconnected web of devices. I must admit I don't know exactly the difference between DoT and DoH (both TLS/SSL and HTTPS are encrypted, right?) but if DoT is more in line with the core ideas of the internet, I'll side with that.
Initially I was leaning towards DoT, but as I can't trust Governments not to be tampering with the networks, I am now leaning towards DoH.
@dr-flay if, as the article suggests, DoH relies on large corporate entities like Google, then as far as I'm concerned there is no such privacy to be had.
See what I mean. Caught between a rock and a hard place.
Both have negatives I don't like.
@dr-flay Exactly, but I think I put my vote (if it counts for anything at all) on the side of privacy. We can learn more about DoT as time goes on and if it can provide both, well then we'll see. As opposed to diving in both feet first and we'll see if we can swim later.
Great article by the way!
I now have either or both whenever I want, once I realised DNSCrypt had added it.