D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?

It's not clear to me whether Paul is expressing approval of the whole shebang
at this point, or just the one change they've made, but, just on first look,
I don't think that change addresses *my* distaste for DoH, as discussed in
last month's 100-poster. :)

https://www.zdnet.com/article/dns-over-https-google-hits-back-at-misinformation-and-confusion-over-its-plans/

TL;DR: they (Chrome) won't enable DoH unless it's being run from an internet
which they know supports it; there is apparently a list of 8-12 ISPs/etc
which are announcing such support.

Cheers,
-- jra

The difference is that Chrome won’t use resolvers other than the ones you’ve configured yourself, and will simply opportunistically upgrade to DoH if they detect that those resolvers support it.

In other words, there is no usurpation of administrative intent.

the relevant sentiment is: thanks for whitelisting a fixed number of them so i can block them.

t

+1

Not quite… Vixie wants the services to not exist to any (possibly compromised) device on his network. So it’s less about what Chrome does than whether the service shares fate with a service he wants to use. Google supporting DoH on 8.8.8.8:443 is acceptable to him because he can block that, while Google supporting DoH on www.google.com/dns would not be ok since he would be unable to block it.

Damian