I'm giving a talk on Weds at #ripe76 on our survey re: interest and concerns about DNS privacy. Want to make sure this isn't like DNSSEC all over again - if we build it, will operators deploy it? Or are we adding complexity that most operators would rather not have?
Not saying that these things are bad. Any security improvement is a good thing. But they don’t provide any privacy. Just authentication. Maybe once SNI encryption is a thing, we can talk. Right now, it’s wankery/marketing/ways to get funding.
Meanwhile, domain fronting is being killed by major operators. Including companies chanting “DNS privacy”.
“Hey Sixko, sell me your logs”: “There you go!” “Hey PassiveDB, what are supposedly private host names you saw within BankOfUSA[.]com?”: “Here’s the list!”. With “DNS Privacy” tools, add “and by the way, here’s more data from a different IP but the same user”. We solved nothing.
At least from a privacy perspective. Old protocols never get fixed no matter how many RFCs are written, unless they get replaced by a brand new thing, that is *required* to access some information.