[talk] Vixie meeting
Christos Zoulas
christos at zoulas.com
Wed Feb 26 08:31:22 EST 2020
Here is a good explanation of how it all works:
https://www.netmeister.org/blog/doh-dot-dnssec.html
christos
> On Feb 26, 2020, at 8:26 AM, George Rosamond <george at ceetonetechnology.com> wrote:
>
> On 2/25/20 11:19 AM, George Rosamond wrote:
>> As some of you may know, the Vixie meeting next week should raise some
>> interesting issues with DoH and DoT... basically DNS lookups encrypted
>> over https or tls instead of clear text over UDP.
>>
>> The issue is a bit more complex than it seems on the surface.
>>
>> Most broadly, of course DNS lookups should be encrypted, but what's
>> disturbing is that US FF will be set to go to Cloudflare, who obviously
>> know this is a wonderful data-mining opportunity.
>>
>> The whole issue of "privacy" gets distorted too easily. Yes, you should
>> have privacy in DNS lookups, but sending encrypted lookups to one
>> provider is a recipe for privacy from "the other" while centralizing a
>> few huge collectors of that data.
>>
>> Yes, more providers should be running DOT servers, but that in itself
>> isn't the answer.
>>
>> This link raises the issue, but misses the dangerous implications of DOH:
>>
>> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>>
>
> This paper is an example of how centralizing DNS lookups is dangerous in
> more "outlier" cases with more sophisticated adversaries on the Tor
> network for anyone interested in diving deeper (the cached PDF version
> should work):
>
> https://www.freehaven.net/anonbib/#dnstor-ndss2017
>
> g
>