📝 Correction | DNS page doesn't mention DNS-over-TLS profiles, particularly opportunistic mode #2060
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#2060
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
In https://www.privacytools.io/providers/dns/#dns-definitions, there are definitions which don't include DNS-over-TLS having two modes, opportunistic/automatic and manual. In opportunistic mode DoT is attempted with DNS server provided by DHCP and wihle it is vulnerable for downgrade and MITM (due to certificate validation skipping), it doen't have the issue of centralising everything to a single encrypted DNS provider that is hardcoded in apps (which is often said about Firefox).
Why I am making the suggestion
This is an important difference between DoT and DoH, and I view PrivacyTools as being in a good position to inform users about it.
My connection with the software
I was one of the original authors of the DNS page and I think this information was removed as a part of some cleanup (or maybe it never got past draft). I have no connection to the RFCs or their authors that I know of.