On Fri, Mar 21, 2014 at 10:59 AM, Paul Vixie <[email protected]> wrote:
>
>
> Phillip Hallam-Baker wrote:
>> This was the use case that originally drove the development of OmniBroker.
>>
>> If we do DNS Encryption right it is going to be very easy for end
>> users to choose their DNS provider and very hard for the authorities to
>> block them.
>
> +1.
>
>> Security is a balance. Going through 8.8.8.8 rather than direct means
>> that you are leaking privacy sensitive information to Google. But that
>> is probably less important here than the censorship attack.
>
> noting, google's public claims about not data mining any part of the
> 8.8.8.8 query flow, are believable. we also now know that the greater
> risk is an on-path nation-state MiTM. i think we should solve for the
> latter and not worry about the former.
>
> vixie

I didn't want to bring this up earlier for obvious reasons. The countermeasure that has been deployed is to just block Google DNS as well.

We have to have a strategy that does not rely on one party to carry the net. That just makes them a target.

--
Website: http://hallambaker.com/
