[talk] Vixie meeting
george at ceetonetechnology.com
Wed Feb 26 08:32:20 EST 2020
On 2/26/20 8:31 AM, Christos Zoulas wrote:
> Here is a good explanation of how it all works:
> https://www.netmeister.org/blog/doh-dot-dnssec.html
Definitely. Jan posted that a while ago... it's a really useful overview.
There are also previous Vixie presentations from vBSDCon, etc. on YouTube.
>> On Feb 26, 2020, at 8:26 AM, George Rosamond <george at ceetonetechnology.com> wrote:
>> On 2/25/20 11:19 AM, George Rosamond wrote:
>>> As some of you may know, the Vixie meeting next week should raise some
>>> interesting issues with DoH and DoT... basically DNS lookups encrypted
>>> over HTTPS or TLS instead of clear text over UDP.
>>> The issue is a bit more complex than it seems on the surface.
>>> Most broadly, of course DNS lookups should be encrypted, but what's
>>> disturbing is that US FF will be set to go to Cloudflare, who obviously
>>> know this is a wonderful data-mining opportunity.
>>> The whole issue of "privacy" gets distorted too easily. Yes, you should
>>> have privacy in DNS lookups, but sending encrypted lookups to one
>>> provider is a recipe for privacy from "the other" while centralizing a
>>> few huge collectors of that data.
>>> Yes, more providers should be running DoT servers, but that in itself
>>> isn't the answer.
>>> This link raises the issue, but misses the dangerous implications of DoH:
>> This paper is an example of how centralizing DNS lookups is dangerous in
>> more "outlier" cases with more sophisticated adversaries on the Tor
>> network for anyone interested in diving deeper (the cached PDF version
>> should work):