[talk] Vixie meeting
George Rosamond
george at ceetonetechnology.com
Wed Feb 26 08:32:20 EST 2020
On 2/26/20 8:31 AM, Christos Zoulas wrote:
> Here is a good explanation of how it all works:
>
> https://www.netmeister.org/blog/doh-dot-dnssec.html
>
Definitely. Jan posted that a while ago... it's a really useful overview.
There are also previous Vixie presentations from vBSDCon, etc. on YouTube.
g
> christos
>
>> On Feb 26, 2020, at 8:26 AM, George Rosamond <george at ceetonetechnology.com> wrote:
>>
>>
>>
>> On 2/25/20 11:19 AM, George Rosamond wrote:
>>> As some of you may know, the Vixie meeting next week should raise some
>>> interesting issues with DoH and DoT... basically DNS lookups encrypted
>>> over https or tls instead of clear text over UDP.
>>>
>>> The issue is a bit more complex than it seems on the surface.
>>>
>>> Most broadly, of course DNS lookups should be encrypted, but what's
>>> disturbing is that US FF will be set to go to Cloudflare, who obviously
>>> know this is a wonderful data-mining opportunity.
>>>
>>> The whole issue of "privacy" gets distorted too easily. Yes, you should
>>> have privacy in DNS lookups, but sending encrypted lookups to one
>>> provider is a recipe for privacy from "the other" while centralizing a
>>> few huge collectors of that data.
>>>
>>> Yes, more providers should be running DOT servers, but that in itself
>>> isn't the answer.
>>>
>>> This link raises the issue, but misses the dangerous implications of DOH:
>>>
>>> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>>>
>>
>> This paper is an example of how centralizing DNS lookups is dangerous in
>> more "outlier" cases with more sophisticated adversaries on the Tor
>> network for anyone interested in diving deeper (the cached PDF version
>> should work):
>>
>> https://www.freehaven.net/anonbib/#dnstor-ndss2017
>>
>> g
>>