Food for thought: "If you can protect it, you can keep it". (keynote on DoH vs. DoT)

I watched a thought-provoking keynote presentation by Paul Vixie, one of the founding fathers of the Internet (who is the mastermind behind the very foundational FOSS DNS server software BIND9).

His slide where he explained the “Peace of Westphalia” was really deep. (Fast-forward to 16:47.)

He makes a big point that you need the means to defend that which you believe you own, or you will be doomed to eventually lose ownership of it.

He feels DNS-over-HTTPS (DoH) is bad, because you don’t really have the ability to “defend” any longer (because you lose much of the utility of many network debugging tools like tcpdump), which you would still have if you used DNS-over-TLS (DoT), which he strongly advocates.

He feels the likes of Mozilla and Cloudflare are not smart to push DoH, because governments are sure to take advantage of the much-easier ability to control the endpoints.

What do you think?
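To make the visibility argument above concrete, here is an added example (not code from the post, from Vixie or from ISC): a small classifier over constructed flow records that shows what a network operator can still see and enforce when clients use DoT on its dedicated port 853 versus DoH blended into HTTPS on port 443. The resolver hostname list, the approved-resolver set and the sample flows are all assumptions constructed for the example.

```python
# Added example, not part of the original post: classify constructed flow
# records to show operator visibility with DoT (port 853) versus DoH (port 443).
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Public resolvers known to speak DoH; an operator curates this list by hand
# and it can never be complete (assumed list for this example).
KNOWN_DOH_HOSTS = {"cloudflare-dns.com", "dns.google", "dns.quad9.net"}

@dataclass(frozen=True)
class Flow:
    dst_ip: str
    dst_port: int
    proto: str            # "udp" or "tcp"
    sni: Optional[str]    # TLS ClientHello SNI if observed, else None

def classify(flow: Flow) -> str:
    if flow.dst_port == 53:
        return "do53"            # plaintext DNS: queries readable with tcpdump
    if flow.proto == "tcp" and flow.dst_port == 853:
        return "dot"             # DoT: payload encrypted, but unambiguous by port
    if flow.proto == "tcp" and flow.dst_port == 443:
        if flow.sni in KNOWN_DOH_HOSTS:
            return "doh-likely"  # spotted only because the SNI matched our list
        return "https-or-doh"    # indistinguishable from ordinary web traffic
    return "other"

def policy(flow: Flow, approved_resolvers: set) -> str:
    # Do53/DoT can be pinned to approved resolvers; DoH can be blocked only when
    # recognised, and unrecognised DoH cannot be blocked without breaking HTTPS.
    label = classify(flow)
    if label in ("do53", "dot"):
        return "allow" if flow.dst_ip in approved_resolvers else "block"
    if label == "doh-likely":
        return "block"
    return "cannot-decide" if label == "https-or-doh" else "allow"

# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    Flow("192.0.2.53", 53, "udp", None),                    # on-prem resolver, plaintext
    Flow("192.0.2.53", 853, "tcp", "dns.corp.example"),     # DoT to on-prem resolver
    Flow("198.51.100.1", 853, "tcp", "dns.quad9.net"),      # DoT to an external resolver
    Flow("203.0.113.7", 443, "tcp", "cloudflare-dns.com"),  # DoH, recognised by SNI
    Flow("203.0.113.9", 443, "tcp", "www.example.com"),     # web, or DoH to unknown resolver
]
APPROVED = {"192.0.2.53"}   # assumed set of resolvers the operator runs

def summarize(flows=SAMPLE_FLOWS, approved=APPROVED) -> dict:
    # "cannot-decide" counts the flows where DoH has removed the operator's say.
    return dict(Counter(policy(f, approved) for f in flows))
```

With the sample flows, `summarize()` returns `{'allow': 2, 'block': 2, 'cannot-decide': 1}`; the undecidable flow is the one that could equally be a web page or DNS to a resolver nobody has listed yet.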