Hi, Summary:
+1 Details: Way back in the early days of DPRIVE I commented that without dealing with the recursive to auth link you end up with a privacy increase that is not quite as good as Tor (but is a big improvement). Remember the goal: to increase the cost of mass surveillance. With what we have, people are joining an anonymity set of those using the recursive resolver. The watchers know what domains the community is interested in by watching the "internet" side of the resolver. To de-anonymise the set the watcher needs to watch the network on "both sides" of the recursive resolver and do timing analysis. With phase 2 in place, even with the above watching and timing analysis all they will know is which auth server a client was interested in, but not what the query was. Thus, to really know what is going on the watchers must compromise the recursive resolver. And that is a cost increase beyond timing correlation. Thanks Stephane for creating "step-2" to describe some of the challenges, particularly authenticating the authoritative resolver ("authing the auth?"). Regards, Hugo _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy