>>> > The more I think about all the privacy leaks that have to be plugged at
>>> > the DNS and application layers, Tor increasingly looks better as a
>>> > general purpose solution (either as a network to funnel DNS messages
>>> > through, or even better, having zone operators locate authority servers
>>> > inside Tor as hidden services). It has a significant performance cost,
>>> > but real privacy always does.
>> You don’t really mean Tor, but you mean a shared pool of resolvers used by a
>> large group that breaks the one on one relationship between queries and
>> answers. It’s fine if we connect to that using DoT or DoH.
> Well, not as good as Tor's onion routing, or real mix networks, but that
> would be a step in the right direction.
How does this differ from the two already-competing “oblivious DNS” proposals?
I’m generally for them, but to actually offer any security, they require that
the ingress and egress nodes be operated by different parties. Which is fine
for _me_, as long as I can find a counterparty, but what about for someone
else, who needs to find two parties, and needs some way to ensure that they’re
not in cahoots? Anyway, I like the idea, but I haven’t yet seen any proposals
that get much beyond hand-waving about the practical aspects.
-Bill
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
