On Wed, Jun 10, 2020 at 10:17 AM Bill Woodcock <[email protected]> wrote:
>
> >>> > The more I think about all the privacy leaks that have to be plugged
> >>> > at the DNS and application layers, Tor increasingly looks better as a
> >>> > general purpose solution (either as a network to funnel DNS messages
> >>> > through, or even better, having zone operators locate authority servers
> >>> > inside Tor as hidden services). It has a significant performance cost, but
> >>> > real privacy always does.
>
> >> You don’t really mean tor, but you mean a shared pool of resolvers used
> >> by a large group that breaks the one on one relationship between queries
> >> and answers. It’s fine if we connect to that using DoT or DoH.
>
> > Well, not as good as Tor's onion routing, or real mix networks, but that
> > would be a step in the right direction.
>
> How does this differ from the two already-competing “oblivious DNS”
> proposals?
>

I haven't followed recently. Has a draft been submitted to DPRIVE?

> I’m generally for them, but to actually offer any security, they require
> that the ingress and egress nodes be operated by different parties. Which
> is fine for _me_, as long as I can find a counterparty, but what about for
> someone else, who needs to find two parties, and needs some way to ensure
> that they’re not in cahoots? Anyway, I like the idea, but I haven’t yet
> seen any proposals that get much beyond hand-waving about the practical
> aspects.
>

Yes, the collusion risk between the ODNS and RDNS operator is a significant
weakness, although I suspect that might be deemed acceptable for many folks.

Shumon.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
