Jigsaw (Google) released an Android DoH client.
https://github.com/Jigsaw-Code/Intra …
https://techcrunch.com/2018/10/03/googles-cyber-unit-jigsaw-introduces-intra-a-security-app-dedicated-to-busting-censorship/ …
cc @jedisct1 @PowerDNS_Bert @vavrusam
No padding. No cert pinning. TLS resumption. This is one of the problems with DoH/DoT. It’s easy to make something that “works” but whose actual security is suboptimal.
We (well, @Winne__) did some very simple measurements, but without TLS resumption, it looks like we burn 30-40 milliseconds of CPU time on a single DoT query. This would not scale. Alternative is millions of open TCP sessions. Challenging times ahead.
Replying to @PowerDNS_Bert @chantr4 and
And additional latency especially with TLS < 1.3. So, we have to reduce privacy (even relative to plain old DNS) in order to mitigate performance regression. It took years and money to eventually come up with a really bad and incomplete design.
Well you know we love DNSCrypt... We pondered dropping it from dnsdist but I think we should keep it in just to show it could be done better.