Comment by Mister_Snuggles
1 day ago
Usually.
Some middleboxes inspect the TLS session setup (e.g., SNI sniffing) and in some corporate environments they even decrypt the traffic (this relies on the endpoints having a root certificate installed that allows this functionality, which is something you'd see in a corporate environment).
Ok, but at that point there's zero benefit to DoH anyway.
There might be: even if my employer can decrypt traffic, there's no reason for either of my scumbag internet service providers to be able to.