Hi,
Summary:
+1
Details:
Way back in the early days of DPRIVE I commented that without
dealing with the recursive to auth link you end up with a privacy
increase that is not quite as good as Tor (but is a big improvement).
Remember the goal: to increase the cost of mass surveillance.
With what we have, people are joining an anonymity set of those
using the recursive resolver. The watchers know what domains
the community is interested in by watching the "internet" side
of the resolver. To de-anonymise the set the watcher
needs to watch the network on "both sides" of the recursive resolver
and do timing analysis.
With phase 2 in place, even with the above watching and timing
analysis all they will know is which auth server a client was interested
in, but not what the query was.
Thus, to really know what is going on the watchers must compromise
the recursive resolver. And that is a cost increase beyond timing
correlation.
Thanks Stephane for creating "step-2" to describe some of the challenges,
particularly authenticating the authoritative resolver ("authing the auth?").
Regards, Hugo
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
