#25564: DNS-over-HTTPS for exit relays
------------------------------+--------------------------
 Reporter:  cypherpunks       |          Owner:  Nusenu
     Type:  defect            |         Status:  reopened
 Priority:  Medium            |      Milestone:
Component:  Community/Relays  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+--------------------------
Changes (by cypherpunks):

 * status:  closed => reopened
 * priority:  Very Low => Medium
 * resolution:  fixed =>
 * severity:  Trivial => Normal

Comment:

 Could you outline your threat model? (what do you want to protect from
 whom) (in a context of: most tor traffic is http/https)

 You need more than one semi-trusted resolver (we don't want to give _any_
 single entity all exit DNS traffic), we would need at least ~20.

 I prefer DNS-over-TLS over DNS-over-HTTPS.
 https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers

 The problem is: even if you hide DNS content with encryption from a
 passive observer, they can still watch HTTP and TLS/SNI hostnames and get
 the same information.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25564#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs