On Tue, 2020-06-09 at 23:54 +0200, nusenu wrote:
> > However, thinking about it, DNSSEC might be useful for caching DNS
> > records on the client side.
>
> caching has privacy implications and is therefore a risk.
>

So you are saying that caching is not an option in any case, right? Can I kindly ask you to elaborate on this? You don't have to write a long answer. A link pointing me to the answer would be more than enough. I just want to understand the reason behind this.

> > > My vision for DNS privacy in Tor Browser:
> > > Be able to visit a HTTPS website without the exit relay learning what
> > > domain it was
> > > (encrypted DNS + encrypted SNI)
> > >
> >
> > Makes sense. Which nameserver are you planning to use, since the used
> > provider will get all Tor Browser DNS queries? Do you (the Tor project)
> > plan to host your own DNS resolver(s)?
>
> based on statements from Roger about what is the max. acceptable size of
> a single exit operator in terms of fraction of the network I'd assume that it
> is somewhat ok to use a single resolver operator for about 5% of the
> total exit traffic.
> That means we need at least 20 resolver operators, preferably 30.
> We could come up with requirements for them (Mozilla's DoH resolver
> requirements is a start)
> and make use of public privacy aware DNS resolver operators that
> meet the requirements.
> It might also be possible to ask well established exit operators to
> run DoH endpoints
> on their resolvers. This would have positive performance implications
> and increase the number
> of available DoH servers.
>
> but finding resolvers is probably one of the smaller issues when
> compared to getting
> everything implemented in firefox/tor browser. Current versions do
> not even allow
> to set more than one resolver URL.
>

I see. Are there any tickets or design proposals I can contribute to? Since you have no comments on my suggestion for an alternative approach, I assume that it is not worth comparing it to DoH, right?

> kind regards,
> nusenu
>

BR
Christian

> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev