Firefox 92

[JshWright]

HTTPS RR is great, but not super useful at this point... I wish they would would invest more in stuff that would have a practical benefit to user experience/security. Firefox's lack of TouchID support for WebAuthn is what keeps me on Chrome.

[mawise]

Feel free to chime in on the open bug report for this missing feature. Maybe more attention will provoke progress: https://bugzilla.mozilla.org/show_bug.cgi?id=1536482

[JshWright]

I "voted" on it a couple years ago. I assume "+1" comments are frowned upon, since that's the point of the voting feature.

[amaccuish]

> HTTPS RR is great, but not super useful at this point.

I still find it a shame that SRV records never caught on. Active Directory uses them very well

[Zash]

and SIP, and XMPP, and maybe the odd email client

[_abox]

And full FIDO2 token (e.g. yubikey) support for passwordless (CTAP, also part of webauthn) would also be amazing.

[xfalcox]

Did you get Firefox to actually issue those HTTPS RR requests? Or is it locked behind using DoH ?

[JshWright]

HTTPS RR really only makes sense with DoH.

[xfalcox]

Why?

- Apple devices running iOS 14+ are querying HTTPS RR for some time now, and they work on normal DNS setups.

- Google Chrome just enabled HTTPS RR queries over standard DNS on version 92.

[JshWright]

If an attacker is in a position to downgrade your TLS connection, they are in a position to much with your standard DNS responses as well.