Oblivious DNS Over HTTPS

mozilla / standards-positions

https://mozilla.github.io/standards-positions/

Mozilla Public License 2.0

635 stars 69 forks source link

Oblivious DNS Over HTTPS #268

Closed ddragana closed 4 years ago

ddragana commented 4 years ago

Request for Mozilla Position on an Emerging Web Specification

Specification Title: Oblivious DNS Over HTTPS
Specification or proposal URL: https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-01
Mozillians who can provide input (optional): @martinthomson @ekr

Other information

ddragana commented 4 years ago

The proposal introduce a way to separate the knowlage of the IP address of a user and its DNS queries, so that there is no instance that has access to both. It suggest sending encrypted DNS requests to a target DNS server through a proxy. The queries are encrypted with a key that only the target server has. The keys for the encryption are discovered using HTTPSSVC record type draft-ietf-dnsop-svcb-httpssvc.

This proposal looks reasonable, I would suggest "worth prototyping".

martinthomson commented 4 years ago

We've discussed this proposal with Apple and provided feedback that we would rather not build point solutions in this space. That is, the underlying technology is generic and has broader application than just DNS queries. My sense was that that feedback was well received and I expect to see new proposals.

Rather than file a position on this proposal, we should instead wait for its successor and discuss that.

That is, I'm suggesting that we close this issue without action.