Christian Huitema <huitema@xxxxxxxxxxx> wrote:
>> I didn't think oblivious-DNS was particularly useful either, because it was
>> basically just turning stub resolvers into mutated full resolvers, without
>> actually teaching them to do DNSSEC. If they could do DNSSEC, then we could
>> trust answers from any place, and then we could do some kind of p2p DNS
>> queries to get better anonymization (and probably, more resiliency for DNS).

> I used to believe a variation of that, that if users wanted to hide the IP
> address of the client sending DNS requests, they could just as well use a VPN
> and there would be no need for such "oblivious DNS" service. But it turned

I guess that the degenerate case of a p2p DNS is personal VPN.

> out that oblivious DNS was easier to deploy than VPN services, and also had
> some very nice privacy characteristics. I think that oblivious HTTP has the
> same potential, splitting the processing between an initial proxy that knows
> the client but does not know the requested URL, and an oblivious proxy that
> knows the requested URL but does not know the source IP address of the
> client.

You have two proxies here.
I didn't think that the oblivious HTTP mandated two.

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide