by ori_b 193 days ago
> Thanks to the ossification of the internet, every new protocol or protocol extension needs to be over HTTPS.

If someone can tell you're using HTTPS instead of some other TLS-encrypted protocol, that means they've broken TLS.

2 comments

> If someone can tell you're using HTTPS instead of some other TLS-encrypted protocol, that means they've broken TLS.

Lots of clients just tell the world. ALPN is part of the unencrypted client hello.

I’d say nowadays 443/tcp is the only port that you’ll find open in any usable network, anything else is part of a corporate network whack-a-mole game. So while DoH and DoT traffic shouldn’t be distinguishable, 853/tcp is surely a weird port in the grand scheme of things.
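Added example, not from the thread or from either commenter, illustrating the point both replies make: the ClientHello is sent in the clear, so a passive observer can read SNI and ALPN from it and, together with the destination port, tell DNS-over-TLS (ALPN "dot", port 853) from ordinary HTTPS and DoH (ALPN "h2"/"http/1.1", port 443), which look the same on the wire. The minimal ClientHello builder, the zeroed client random, the names dns.example and www.example, and the labels returned by classify() are all constructed for this example.

```python
import struct


def _u16(b, off):
    return struct.unpack_from("!H", b, off)[0]


def build_client_hello(sni, alpn=None):
    """Constructed TLS ClientHello record carrying an SNI and (optionally) an ALPN extension."""
    name = sni.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type=host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    exts = struct.pack("!HH", 0, len(sni_list)) + sni_list             # extension type 0: server_name
    if alpn:
        protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
        alpn_list = struct.pack("!H", len(protos)) + protos
        exts += struct.pack("!HH", 16, len(alpn_list)) + alpn_list     # extension type 16: ALPN
    body = (b"\x03\x03" + bytes(32)                 # legacy version + client random (zeroed, constructed)
            + b"\x00"                               # empty legacy session id
            + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                           # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type handshake


def parse_client_hello(record):
    """What a passive observer can read from the first flight: SNI and ALPN, neither encrypted."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    off = 2 + 32                                    # skip version + random
    off += 1 + body[off]                            # session id
    off += 2 + _u16(body, off)                      # cipher suites
    off += 1 + body[off]                            # compression methods
    info = {"sni": None, "alpn": []}
    if off + 2 > len(body):
        return info                                 # no extensions block at all
    end = off + 2 + _u16(body, off)
    off += 2
    while off + 4 <= end:
        etype, elen = _u16(body, off), _u16(body, off + 2)
        data = body[off + 4:off + 4 + elen]
        off += 4 + elen
        if etype == 0:                              # server_name: u16 list length, then (type, u16 len, name)
            p = 2
            while p + 3 <= len(data):
                ntype, nlen = data[p], _u16(data, p + 1)
                p += 3
                if ntype == 0:
                    info["sni"] = data[p:p + nlen].decode("ascii", "replace")
                p += nlen
        elif etype == 16:                           # ALPN: u16 list length, then (u8 len, name)
            p = 2
            while p < len(data):
                plen = data[p]
                info["alpn"].append(data[p + 1:p + 1 + plen].decode("ascii", "replace"))
                p += 1 + plen
    return info


def classify(port, hello):
    """Observer-side guess at the application protocol from destination port plus cleartext ALPN."""
    alpn = hello["alpn"]
    if "dot" in alpn:                               # IANA-registered ALPN id for DNS over TLS
        return "DoT"
    if port == 853:                                 # DoT port even when the client sends no ALPN
        return "DoT (port only)"
    if any(p in ("h2", "http/1.1") for p in alpn):  # DoH and browsing share these; not separable here
        return "HTTPS/DoH"
    if not alpn:
        return "TLS (no ALPN)"
    return "TLS (" + ",".join(alpn) + ")"


if __name__ == "__main__":
    for port, sni, alpn in [(853, "dns.example", ["dot"]),
                            (853, "dns.example", None),
                            (443, "dns.example", ["h2", "http/1.1"]),
                            (443, "www.example", ["h2", "http/1.1"])]:
        hello = parse_client_hello(build_client_hello(sni, alpn))
        print(port, hello, "->", classify(port, hello))
```

The same DoH resolver and the same web server produce identical SNI-less summaries on port 443 with ALPN h2, which is the comment's point: DoH hides among HTTPS, while DoT advertises itself twice, once by port and once by ALPN.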