Phillip Hallam-Baker wrote: > This was the use case that originally drove the development of OmniBroker. > > If we do DNS Encryption right it is going to be very easy for end > users to chose their DNS provider and very hard for the authorities to > block them.
+1. > Security is a balance. Going through 8.8.8.8 rather than direct means > that you are leaking privacy sensitive information to Google. But that > is probably less important here than the censorship attack. noting, google's public claims about not data mining any part of the 8.8.8.8 query flow, are believable. we also now know that the greater risk is an on-path nation-state MiTM. i think we should solve for the latter and not worry about the former. vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
