0

ECH Support on mobile?

I just read about ControlD supporting ECH on mobile through trusting the RootCA certificate. Is this available on NextDNS? 
 

ECH further encrypts your queries on the DNS level. On browsers it seems to work on NextDNS but I’m not sure how ControlD claims they made it work on mobile too.

On ControlD’s blog they mention this:

  • EncryptedClientHello support - Enables support for bleeding edge privacy TLS extension, internet-wide, even for websites that don't support it. This feature will require a root CA installation to work.

 

https://www.cloudflare.com/ssl/encrypted-sni/ is the site to test. NextDNS supports this already.

1 reply

null
    • NextDNs
    • 3 mths ago
    • Reported - view

    This would require our root CA on your device + the proxying of all your traffic through our servers which 1/ would be a major security risk for you and 2/ isn’t the role of a DNS service. The risk / benefit isn’t worth it.

Login to reply

Content aside

  • 3 mths agoLast active
  • 1Replies
  • 100Views
  • 2 Following