[ooni-talk] New report: DNS over TLS blocked in Iran
Maria Xynou
maria at openobservatory.org
Wed Jun 24 17:51:40 UTC 2020
Hello friends,
Today OONI published a new research report, titled: "DNS over TLS
blocked in Iran".
You can access this report here: https://ooni.org/post/2020-iran-dot/
DNS over TLS (DoT) is a network protocol that secures DNS queries
(https://ooni.org/support/glossary/#dns-query).
DoT improves the privacy and security of DNS queries, and makes
DNS-based blocking harder.
We investigated whether DoT works in Iran by gathering a list of 31
well-known DoT endpoints and running experiments from four distinct
Iranian mobile and fixed-line Internet Service Providers (ISPs): MCI,
TCI, Irancell, and Shatel.
We discovered that:
* 57% of the endpoints are blocked on at least one ISP;
* the blocking is not implemented uniformly across ISPs;
* most blocking happens by interfering with the TLS handshake;
* in some cases TLS handshake blocking seems to depend on the SNI, while
in other cases it seems to depend strictly on the TCP endpoint being used;
* forcing TLSv1.3 does not change the rate of successful TLS handshakes
compared to letting the server choose a TLS version between v1.0 and v1.3.
In our report, we share details from our experiments and findings.
Please share our research:
https://twitter.com/OpenObservatory/status/1275842846520741888
Thanks,
~ OONI team.
--
Maria Xynou
Research & Partnerships Director
Open Observatory of Network Interference (OONI)
https://ooni.org/
PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E