Comment by meindnoch
21 hours ago
> Also shoving every protocol under the sun into HTTPS just feels wrong. I get why it's happening (too many middleware boxes and ISPs think internet == web).
But the HTTP part of HTTPS is invisible to middleboxes. They see an opaque TLS stream.
Usually.
Some middleboxes inspect the TLS session setup (e.g., SNI sniffing) and in some corporate environments they even decrypt the traffic (this relies on the endpoints having a root certificate installed that allows this functionality, which is something you'd see in a corporate environment).
Ok, but at that point there's zero benefit to DoH anyway.
There might be: even if my employer can decrypt traffic, there's no reason for either of my scumbag internet service providers to be able to.