1. Forum
  2. Newsgroups
  3. comp.security.misc

  • =?UTF-8?Q?Macs=2c_iPhones=2c_iPads_to_get_encrypted_DNS_=e2=80=93_h?= =?UTF-8?Q?ow'd_you_like_them_Apples=3f_Cupertino_idiot-tax_corp_is_fashiona?= =?UTF-8?Q?bly_late_to_the_party?=

    From Kieren Nicolas Lovell@kieren@kierennicolas.com to comp.security.misc on Sun Jun 28 23:53:10 2020
    From Newsgroup: comp.security.misc

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    WWDC Apple this year will boldly go where its peers have gone before by implementing support for encrypted DNS in iOS and macOS.

    "Starting this year, Apple platforms natively support encrypted DNS,"
    said Tommy Pauly, internet technologies engineer, in a video
    presentation for Apple's 2020 Worldwide Developer Conference,
    virtualized this year by necessity.

    More specifically, macOS 11, iOS 14, and Mac Catalyst framework 14 (for
    Mac version of iPad apps) will support DNS-over-TLS (DoT) and
    DNS-over-HTTPS (DoH). These Apple operating system updates are scheduled
    for release later this year, likely in September or October.

    When you visit a website with a browser, or connect to a service via an
    app, the software will, typically, in the background send domain-name
    system (DNS) queries to DNS servers, such as ones provided by your ISP,
    to translate domain names, like theregister.com, into network IP
    addresses the programs can use. These queries are typically sent
    unencrypted, meaning eavesdroppers on the network path can snoop on the
    names of sites and services you're using, and modify the query results
    to redirect you to malicious websites.

    Encrypted DNS, as its name suggests, encrypts those queries to shield
    them from snoops and meddlers.

    DoT started taking shape in 2014. A proposal to establish DoH as a
    standard was drafted in 2017. And a year later, a research paper
    presented at a Usenix conference underscored the need for better
    security when it reported that about 8.5 per cent of DNS queries were intercepted by service providers.

    Around that time, with standards in place, internet companies got
    serious about encrypting DNS queries, and people had arguments about how
    DoH disempowers network administrators and let people flout filters put
    in place to protect them from smut and illegal content.

    Cloudflare began supporting DNS-over-TLS and DNS-over-HTTPS queries in
    2018 with the launch of its 1.1.1.1 DNS service. Mozilla began rolling
    out DoH support last year.

    Google began testing DoH last year and just implemented it in Chrome 83 recently. Microsoft talked about secure DNS last year and is now testing
    it for Windows. Even Comcast joined the party this week with Firefox.

    Which brings us back to Apple.

    Full story: https://www.theregister.com/2020/06/27/apple_dns_macos_ios/ -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEERD1MOZjGRQLqpSYmj4/UTHxzPQUFAl75AzYACgkQj4/UTHxz PQU/6A//Th9or4qenAJnVsNxhkrkGLEeKJmy2TjnfiL5j/NPgvCFWwcXHz/Li13W TKZogRInO70z9Dzwe11NytHV73sc7z4ktmykcQe1+lVgK0d9+4OLVMNUDN+EdoyO dE8jM0B5DZQMUJe56cuuTmAtp3gUCEF5hDBR2vZ9z8DqX7t2CkYAEmKM3Faso05F OLlISIr8IpvrlPpNlWqLClp6eccRw5ipFNLSG+mn8Xt4VNAD/u928X3WdM+WiYkv v1Sy/n1O4af79UIq/Cio/T1YBn2zULolikqUjDMPuy3LU0J6KFwlhB5sK894ry9u nF50azlEzk48lSkBtK4608BPRtOgIfybKLllFXFN5lLSPhjdAuZBSQLID+QNl76h kyR7U0ZjIZl1xit87ccZWqwcVF5DNHqnS572vUQsgCjyf8vYfYu9BZPQ0tRsB9Eb v5hu49EMG85oz+AsYnPmc3UhfiweWmY+fY0pc3W8rDHgKdvKIAYmWhxHTzpg2Y3l itc4G9IFc2XrAVBeJingxsnLx9Xowj6Q8GOR10AS+O2vhrhj3D8VG61mGsz0hd5c lw7O8Gm9ukFqiltKX2lQ63iW2lDLGKSfrGyo7fCol+/CWMJNiCzfXC+XYUivtb4X 2A2qwiKsWTSSiKkcKiG5Hg6MTj0q+ZCThNhwoSnEuEx/IqmhWhM=
    =+u86
    -----END PGP SIGNATURE-----
    --- Synchronet 3.18a-Linux NewsLink 1.113