Re: [DNSOP] on the subject of dnse
On Fri, Mar 21, 2014 at 10:59 AM, Paul Vixie p...@redbarn.org wrote:
> Phillip Hallam-Baker wrote:
>> This was the use case that originally drove the development of OmniBroker. If we do DNS Encryption right it is going to be very easy for end users to choose their DNS provider and very hard for the authorities to block them.
>
> +1.
>
>> Security is a balance. Going through 8.8.8.8 rather than direct means that you are leaking privacy sensitive information to Google. But that is probably less important here than the censorship attack.
>
> noting, google's public claims about not data mining any part of the 8.8.8.8 query flow, are believable. we also now know that the greater risk is an on-path nation-state MiTM. i think we should solve for the latter and not worry about the former.
>
> vixie

I didn't want to bring this up earlier for obvious reasons, the countermeasure that has been deployed is to just block Google DNS as well. We have to have a strategy that does not rely on one party to carry the net. That just makes them a target.

--
Website: http://hallambaker.com/
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] on the subject of dnse
This was the use case that originally drove the development of OmniBroker. If we do DNS Encryption right it is going to be very easy for end users to choose their DNS provider and very hard for the authorities to block them.

Security is a balance. Going through 8.8.8.8 rather than direct means that you are leaking privacy sensitive information to Google. But that is probably less important here than the censorship attack.

On Thu, Mar 20, 2014 at 11:31 PM, joel jaeggli joe...@bogus.com wrote:
> https://twitter.com/enginonder/status/446819815106576384/photo/1

--
Website: http://hallambaker.com/
Re: [DNSOP] on the subject of dnse
Phillip Hallam-Baker wrote:
> This was the use case that originally drove the development of OmniBroker. If we do DNS Encryption right it is going to be very easy for end users to choose their DNS provider and very hard for the authorities to block them.

+1.

> Security is a balance. Going through 8.8.8.8 rather than direct means that you are leaking privacy sensitive information to Google. But that is probably less important here than the censorship attack.

noting, google's public claims about not data mining any part of the 8.8.8.8 query flow, are believable. we also now know that the greater risk is an on-path nation-state MiTM. i think we should solve for the latter and not worry about the former.

vixie
[DNSOP] on the subject of dnse
https://twitter.com/enginonder/status/446819815106576384/photo/1