Re: [DNSOP] on the subject of dnse

Paul Vixie <paul@redbarn.org> Fri, 21 March 2014 14:59 UTC

Message-ID: <532C53BD.7030205@redbarn.org>
Date: Fri, 21 Mar 2014 07:59:09 -0700
From: Paul Vixie <paul@redbarn.org>
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <532BB27F.9020208@bogus.com> <CAMm+Lwhpvc51WBgjs_TvgdmVG7hDBPKAt57zTtP3g2uFU2nnFg@mail.gmail.com>
In-Reply-To: <CAMm+Lwhpvc51WBgjs_TvgdmVG7hDBPKAt57zTtP3g2uFU2nnFg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/0YagMJL3N2e4eBIT1PVFz9RsJzs
Cc: joel jaeggli <joelja@bogus.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] on the subject of dnse

Phillip Hallam-Baker wrote:
> This was the use case that originally drove the development of OmniBroker.
>
> If we do DNS Encryption right it is going to be very easy for end
> users to choose their DNS provider and very hard for the authorities to
> block them.

+1.

> Security is a balance. Going through 8.8.8.8 rather than direct means
> that you are leaking privacy sensitive information to Google. But that
> is probably less important here than the censorship attack.

noting, google's public claims about not data mining any part of the
8.8.8.8 query flow are believable. we also now know that the greater
risk is an on-path nation-state MITM. i think we should solve for the
latter and not worry about the former.

vixie