Hi Kazunori,

I don't know if you are aware of this, but there is discussion about forming a working group for something like ODoH: [email protected] is the mailing list. This - just like oblivious DNS more generally - is aimed at providing one additional privacy feature that your proposal does not: that of longitudinal privacy. That is, it aims to ensure that DNS resolvers aren't able to assemble profiles on people based on the set of queries they make. As deanonymization techniques are surprisingly effective, the hope is that this would go a long way to break up query flows, while avoiding added latency and overhead.

An HTTP proxy can be used in a way that breaks linkability, but it costs a lot of time and CPU. The TOR model has the same query linkability issue and even worse performance. The HPKE-based design in OHTTP (which is fundamentally the same as Oblivious DNS/DoH) trades performance for replay risk. As DNS queries are naturally pretty resilient to replay, this seems like a pretty good deal.

On Mon, Jul 19, 2021, at 14:00, [email protected] wrote:
> People who are interested in stub resolver privacy,
>
> I submitted a new draft, "DNS over HTTPS via HTTP proxies", last week.
> https://datatracker.ietf.org/doc/draft-fujiwara-dprive-doh-via-httpproxy/
>
> It is a rewrite of the OARC 35 presentation.
> https://indico.dns-oarc.net/event/38/contributions/858/attachments/798/1467/doh-202105060305.pdf
>
> It relates to Oblivious DNS over HTTPS, however, it does not propose
> new protocols and new proxy software.
> (it uses HTTP/1.1 CONNECT Method.)
>
> I will be happy
> if some providers offer "open HTTP proxies for DoH providers"
> and application software developers implement "DoH via HTTP proxy"
> in applications (browsers).
>
> # Software needs two proxy settings for DoH and other HTTP targets.
>
> Regards,
>
> --
> Kazunori Fujiwara, JPRS <[email protected]>
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
