> On Nov 2, 2019, at 4:57 AM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> 
> On Fri, Nov 01, 2019 at 03:40:51PM -0700,
> Tommy Pauly <tpauly=40apple....@dmarc.ietf.org> wrote 
> a message of 393 lines which said:
> 
>> We've posted new versions of our drafts on discovering designated DoH 
>> servers, and Oblivious DoH:
> 
> If you want to separate the knowledge of the source IP address and the
> knowledge of the QNAME, I still don't understand what is the point of
> Oblivious DoH when we can simply connect to the DoH resolver over
> Tor. This really deserves an explanation in the draft.

You're correct that using DoH over Tor would achieve some of the goals, at least as far as separating client IP addresses and query contents! However, there are a couple reasons we're interested in having DoH servers directly support receiving Oblivious queries:

- Coming from the perspective of an operating system, we're trying to define a solution that can be a relatively lightweight extension to standard protocols that can be enabled as a default mode for users when we need to improve privacy. Distributing public keys through DNS, and adding a proxy + encryption step to DoH is more practical for this kind of deployment than using Tor. Tor is also meant as a generic connection-level anonymity system, and thus seems overly complex for the purpose of proxying a request/response protocol such as DNS.

- If you do DoH over Tor, the client is still doing an end-to-end TLS connection with the server (thus allowing for more fingerprinting surface), and the DoH server can still track the patterns of resolution that a single client does within their TLS connection. In order to mitigate the correlation of resolutions, a client could open a new connection for each query, but that gets expensive as well. Encrypting at the DNS message level, per-query, within longer-lived connections between clients and proxies, and proxies and target servers, decreases the ability to correlate more effectively with fewer round-trips.

Thanks,
Tommy

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
