[talk] Vixie meeting

Christos Zoulas christos at zoulas.com
Wed Feb 26 08:31:22 EST 2020


Here is a good explanation of how it all works:

https://www.netmeister.org/blog/doh-dot-dnssec.html

christos

> On Feb 26, 2020, at 8:26 AM, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> 
> 
> On 2/25/20 11:19 AM, George Rosamond wrote:
>> As some of you may know, the Vixie meeting next week should raise some
>> interesting issues with DoH and DoT... basically DNS lookups encrypted
>> over https or tls instead of clear text over UDP.
>> 
>> The issue is a bit more complex than it seems on the surface.
>> 
>> Most broadly, of course DNS lookups should be encrypted, but what's
>> disturbing is that US FF will be set to go to Cloudflare, who obviously
>> know this is a wonderful data-mining opportunity.
>> 
>> The whole issue of "privacy" gets distorted too easily.  Yes, you should
>> have privacy in DNS lookups, but sending encrypted lookups to one
>> provider is a recipe for privacy from "the other" while centralizing a
>> few huge collectors of that data.
>> 
>> Yes, more providers should be running DOT servers, but that in itself
>> isn't the answer.
>> 
>> This link raises the issue, but misses the dangerous implications of DOH:
>> 
>> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>> 
> 
> This paper is an example of how centralizing DNS lookups is dangerous in
> more "outlier" cases with more sophisticated adversaries on the Tor
> network for anyone interested in diving deeper (the cached PDF version
> should work):
> 
> https://www.freehaven.net/anonbib/#dnstor-ndss2017
> 
> g
