[talk] Vixie meeting

George Rosamond george at ceetonetechnology.com
Wed Feb 26 08:32:20 EST 2020



On 2/26/20 8:31 AM, Christos Zoulas wrote:
> Here is a good explanation of how it all works:
> 
> https://www.netmeister.org/blog/doh-dot-dnssec.html <https://www.netmeister.org/blog/doh-dot-dnssec.html>
> 

Definitely. Jan posted that a while ago... it's a really useful overview.

There's also previous Vixie presentations from vBSDCon, etc on YouTube.

g


> christos
> 
>> On Feb 26, 2020, at 8:26 AM, George Rosamond <george at ceetonetechnology.com> wrote:
>>
>>
>>
>> On 2/25/20 11:19 AM, George Rosamond wrote:
>>> As some of you may know, the Vixie meeting next week should raise some
>>> interesting issues with DoH and DoT... basically DNS lookups encrypted
>>> over https or tls instead of clear text over UDP.
>>>
>>> The issue is a bit more complex than it seems on the surface.
>>>
>>> Most broadly, of course DNS lookups should be encrypted, but what's
>>> disturbing is that US FF will be set to go to Cloudflare, who obviously
>>> know this is a wonderful data-mining opportunity.
>>>
>>> The whole issue of "privacy" gets distorted too easily.  Yes, you should
>>> have privacy in DNS lookups, but sending encrypted lookups to one
>>> provider is a recipe for privacy from "the other" while centralizing a
>>> few huge collectors of that data.
>>>
>>> Yes, more providers should be running DOT servers, but that in itself
>>> isn't the answer.
>>>
>>> This link raises the issue, but misses the dangerous implications of DOH:
>>>
>>> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>>>
>>
>> This paper is an example of how centralizing DNS lookups is dangerous in
>> more "outlier" cases with more sophisticated adversaries on the Tor
>> network for anyone interested in diving deeper (the cached PDF version
>> should work):
>>
>> https://www.freehaven.net/anonbib/#dnstor-ndss2017
>>
>> g
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org:8080/mailman/listinfo/talk
> 
> 



More information about the talk mailing list