> On Jul 14, 2018, at 8:27 PM, Stephane Bortzmeyer <[email protected]> wrote:
>
> On Tue, Jul 03, 2018 at 06:18:51PM -0400,
> Ben Schwartz <[email protected]> wrote
> a message of 293 lines which said:
>
>> My main question for the authors is: how does this compare to
>> routing a DNS-over-TLS socket through a TCP forwarder?
>
> Isn't it what Tor is doing? Reasons to use Tor:
>
> * well known and studied, privacy-wise
> * there is even a public DoH resolver in .onion
> <https://blog.cloudflare.com/welcome-hidden-resolver/>
>
> My first feeling about Oblivious DNS is that it looks like a
> reinvention of Tor, specific to the DNS.

Quite a different thing entirely.
A few notes:
1. Tor is vulnerable to DNS fingerprinting, particularly at the recursive
resolver. Many Tor exits use Google public DNS (~40%, by exit throughput),
making re-identification possible. See our paper on this:
https://arxiv.org/abs/1609.08187
2. Tor users pay a significant performance cost vs. ODNS.
3. Tor and .onion in particular have some pretty serious usability problems.
See our recent study on that:
https://arxiv.org/abs/1806.11278
Quite a bit easier to run ODNS, and it can be done per domain as well, as
opposed to all or nothing.
I could go on. Basically: not the same thing at all.
-Nick
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
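To make the "per domain" split Nick describes concrete, here is an added toy model of the Oblivious DNS path (example code written for this thread, not code from the ODNS draft, its authors, or Tor). The stub encrypts the query name to the ODNS target and sends it through an ordinary recursive resolver; the recursive sees the client address but only an opaque label, while the target sees the plaintext name but only the recursive's address, and the reply comes back encrypted under a per-query session key. The cipher is an HMAC-SHA256 keystream stand-in for the public-key encryption in the real protocol, and the addresses, zone name and suffix policy are constructed for the example.

```python
# Added example for this thread; not code from the ODNS draft or its authors.
# Toy model of the Oblivious DNS split. The stand-in cipher (HMAC-SHA256
# keystream with a fresh nonce) replaces the public-key encryption the real
# protocol uses; it is for illustration only. Addresses and zone are constructed.
import hashlib
import hmac
import secrets

CLIENT_IP = "203.0.113.7"        # constructed client address
RECURSIVE_IP = "198.51.100.53"   # constructed recursive resolver address
ODNS_ZONE = "odns.example"       # constructed zone served by the ODNS target
SESSION_KEY_LEN = 16
NONCE_LEN = 16

# Per-domain policy (assumption): only names under these suffixes go through
# ODNS; everything else is sent to the recursive in the clear.
ODNS_SUFFIXES = ("example.org", "example.net")


def wants_odns(qname: str) -> bool:
    labels = qname.rstrip(".").lower().split(".")
    return any(labels[-len(s.split(".")):] == s.split(".") for s in ODNS_SUFFIXES)


def _xor_keystream(seed: bytes, data: bytes) -> bytes:
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hmac.new(seed, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _seal(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: fresh nonce, HMAC(key, nonce) seeds the keystream."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_keystream(hmac.new(key, nonce, hashlib.sha256).digest(), data)


def _open(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor_keystream(hmac.new(key, nonce, hashlib.sha256).digest(), body)


def stub_build_query(qname: str, target_key: bytes):
    """Client side: returns (query as handed to the recursive, session key or None)."""
    if not wants_odns(qname):
        return {"src": CLIENT_IP, "qname": qname}, None
    session_key = secrets.token_bytes(SESSION_KEY_LEN)
    # Real ODNS encrypts (name || session key) to the target's public key and
    # would split the result into 63-byte labels; one hex label is enough here.
    blob = _seal(target_key, session_key + qname.encode())
    return {"src": CLIENT_IP, "qname": blob.hex() + "." + ODNS_ZONE}, session_key


def recursive_view(query: dict) -> dict:
    """Everything the recursive resolver learns from the query it receives."""
    return {"client": query["src"], "qname": query["qname"]}


def recursive_forward(query: dict) -> dict:
    """The recursive resolves the .odns name at its authoritative, i.e. the
    ODNS target, using its own source address rather than the client's."""
    return {"src": RECURSIVE_IP, "qname": query["qname"]}


def target_handle(forwarded: dict, target_key: bytes, answer: str) -> dict:
    """ODNS target: decrypt the name, resolve it (stubbed as `answer`), and
    encrypt the reply under the session key so the recursive cannot read it."""
    label = forwarded["qname"][: -(len(ODNS_ZONE) + 1)]
    plain = _open(target_key, bytes.fromhex(label))
    session_key, qname = plain[:SESSION_KEY_LEN], plain[SESSION_KEY_LEN:].decode()
    return {"client": forwarded["src"], "qname": qname,
            "reply": _seal(session_key, answer.encode())}


def lookup(qname: str, target_key: bytes, answer: str = "192.0.2.1") -> dict:
    """Run one query end to end and return what each party observed."""
    query, session_key = stub_build_query(qname, target_key)
    result = {"recursive": recursive_view(query), "target": None, "answer": None}
    if session_key is None:
        result["answer"] = answer  # plain path: the recursive answers itself
        return result
    seen = target_handle(recursive_forward(query), target_key, answer)
    result["target"] = {"client": seen["client"], "qname": seen["qname"]}
    result["answer"] = _open(session_key, seen["reply"]).decode()
    return result


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    for name in ("www.example.org", "www.example.com"):
        print(name, lookup(name, key))
```

Running it shows the point of the thread in two dictionaries: the recursive's view pairs the client address with an opaque hex label, the target's view pairs the real name with the recursive's address, and a name outside the configured suffixes never touches the ODNS path at all.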