[talk] Vixie meeting

George Rosamond george at ceetonetechnology.com
Wed Feb 26 08:26:39 EST 2020



On 2/25/20 11:19 AM, George Rosamond wrote:
> As some of you may know, the Vixie meeting next week should raise some
> interesting issues with DoH and DoT... basically DNS lookups encrypted
> over https or tls instead of clear text over UDP.
> 
> The issue is a bit more complex than it seems on the surface.
> 
> Most broadly, of course DNS lookups should be encrypted, but what's
> disturbing is that US FF will be set to go to Cloudflare, who obviously
> know this is a wonderful data-mining opportunity.
> 
> The whole issue of "privacy" gets distorted too easily.  Yes, you should
> have privacy in DNS lookups, but sending encrypted lookups to one
> provider is a recipe for privacy from "the other" while centralizing a
> few huge collectors of that data.
> 
> Yes, more providers should be running DOT servers, but that in itself
> isn't the answer.
> 
> This link raises the issue, but misses the dangerous implications of DOH:
> 
> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>

This paper is an example of how centralizing DNS lookups is dangerous in
more "outlier" cases with more sophisticated adversaries on the Tor
network for anyone interested in diving deeper (the cached PDF version
should work):

https://www.freehaven.net/anonbib/#dnstor-ndss2017

g




More information about the talk mailing list