Re: [DNSOP] on the subject of dnse

Phillip Hallam-Baker <hallam@gmail.com> Sun, 23 March 2014 01:17 UTC

In-Reply-To: <532C53BD.7030205@redbarn.org>
References: <532BB27F.9020208@bogus.com> <CAMm+Lwhpvc51WBgjs_TvgdmVG7hDBPKAt57zTtP3g2uFU2nnFg@mail.gmail.com> <532C53BD.7030205@redbarn.org>
Date: Sat, 22 Mar 2014 21:17:15 -0400
Message-ID: <CAMm+Lwjui5HniEPFrNPeFTqWx2PTfunE0KrVSh62r3mtHNcokg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Vixie <paul@redbarn.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/lX-SyLhrQbrGVAw_OB0-L8Iibtg
Cc: joel jaeggli <joelja@bogus.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] on the subject of dnse

On Fri, Mar 21, 2014 at 10:59 AM, Paul Vixie <paul@redbarn.org> wrote:
>
>
> Phillip Hallam-Baker wrote:
>> This was the use case that originally drove the development of OmniBroker.
>>
>> If we do DNS Encryption right it is going to be very easy for end
>> users to choose their DNS provider and very hard for the authorities to
>> block them.
>
> +1.
>
>> Security is a balance. Going through 8.8.8.8 rather than direct means
>> that you are leaking privacy sensitive information to Google. But that
>> is probably less important here than the censorship attack.
>
> noting, google's public claims about not data mining any part of the
> 8.8.8.8 query flow, are believable. we also now know that the greater
> risk is an on-path nation-state MiTM. i think we should solve for the
> latter and not worry about the former.
>
> vixie

I didn't want to bring this up earlier for obvious reasons; the
countermeasure that has been deployed is to just block Google DNS as
well.

We have to have a strategy that does not rely on one party to carry
the net. That just makes them a target.

-- 
Website: http://hallambaker.com/