Comment by tptacek
1 day ago
I don't think we need any way to distinguish these situations any more than we needed to preserve the non-ephemeral key exchanges in the jump from TLS 1.2 to TLS 1.3, which were opposed for the same reason. You can control which computers you allow on your network, and allow only computers which give you endpoint monitoring. The 2025 TCP/IP protocol stack should not be going out of its way to give network operators more visibility into what applications are doing.
> You can control which computers you allow on your network, and allow only computers which give you endpoint monitoring.
This would be a great argument if it were actually feasible, but then you have Chromecasts hard-coding Google's DoH servers to prevent ad blocking, etc., and devices doing automatic firmware updates to change things like that after you've already bought them.
Pass the law that says the customer has to be given root and the ability to install custom firmware on any device they buy before saying that is reasonable.
You're not going to get either of those things. The market has converged on DoH and applications will continue to run it, and you're not going to get a law giving you root on all the devices that go on your network. If you're concerned about Chromecast's DNS, don't hook up a Chromecast. I don't, and I'm doing fine.
Saying "the market" when you're mainly just talking about Firefox and Chrome implies that it couldn't be changed just by convincing a small set of specific people.
And we'll yet see about that law. Right to repair is pretty popular.