[tor-bugs] #25564 [Community/Relays]: DNS-over-HTTPS for exit relays
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 21 13:23:01 UTC 2018
#25564: DNS-over-HTTPS for exit relays
------------------------------+--------------------------
 Reporter:  cypherpunks       |          Owner:  Nusenu
     Type:  defect            |         Status:  reopened
 Priority:  Medium            |      Milestone:
Component:  Community/Relays  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+--------------------------
Changes (by cypherpunks):
* status: closed => reopened
* priority: Very Low => Medium
* resolution: fixed =>
* severity: Trivial => Normal
Comment:
Could you outline your threat model? (what do you want to protect from
whom)
(in a context of: most tor traffic is http/https)
You need more than one semi-trusted resolver (we don't want to give _any_
single entity all exit DNS traffic), we would need at least ~20.
I prefer DNS-over-TLS over DNS-over-HTTPS.
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers
The problem is: even if you hide DNS content with encryption from a
passive observer, they can still watch HTTP and TLS/SNI hostnames and get
the same information.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25564#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online