On Wed, Jun 10, 2020 at 9:37 AM Paul Wouters <[email protected]> wrote:

> On Jun 10, 2020, at 07:55, Shumon Huque <[email protected]> wrote:
>
> > The more I think about all the privacy leaks that have to be plugged at
> > the DNS and application layers, Tor increasingly looks better as a
> > general purpose solution (either as a network to funnel DNS messages
> > through, or even better, having zone operators locate authority servers
> > inside Tor as hidden services). It has a significant performance cost,
> > but real privacy always does.
>
> You don’t really mean tor, but you mean a shared pool of resolvers used by
> a large group that breaks the one on one relationship between queries and
> answers.
>
> It’s fine if we connect to that using DoT or DoH.

Well, not as good as Tor's onion routing, or real mix networks, but that would be a step in the right direction. But pervasive network adversaries that can observe both sides of the traffic and perform traffic correlation attacks are still a threat.

So, ideally something should be done on the authoritative server side too. If we configure zones on large shared hosting providers, then the hosting provider becomes the privacy adversary or the point of coercion.

Shumon.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
