
Oblivious DoH?

Open qoelet opened this issue 6 years ago • 0 comments

Draft here: https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-01

The gist of it:

Oblivious DoH requires, at a minimum:

   o  Two DoH servers, where one can act as an Oblivious Proxy, and the
      other can act as an Oblivious Target.

   o  Public keys for encrypting DNS queries that are passed from a
      client through a proxy to a target (Section 6).  These keys
      guarantee that only the intended Oblivious Target can decrypt
      client queries.

   o  Client ability to generate random [RFC4086] one-time-use symmetric
      keys to encrypt DNS responses.  These symmetric keys ensure that
      only the client will be able to decrypt the response from the
      Oblivious Target.  They are only used once to prevent the
      Oblivious Target from tracking clients based on keys.

qoelet, Nov 14 '19 07:11
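The three requirements quoted above, as an added Node.js sketch (not code from the draft or from playdoh): the query is sealed to the target's public key, and the answer comes back under a one-time symmetric key. The message layout, the SHA-256 key derivation, carrying the response key inside the encrypted query, and all function names are assumptions of this example, not the draft's wire format.

```javascript
const nc = require('node:crypto');

// AES-256-GCM; output layout is nonce(12) || ciphertext || tag(16).
function seal(key, plaintext) {
  const nonce = nc.randomBytes(12);
  const c = nc.createCipheriv('aes-256-gcm', key, nonce);
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}
function open(key, box) {
  if (box.length < 28) throw new Error('short ciphertext');
  const d = nc.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAuthTag(box.subarray(box.length - 16));
  return Buffer.concat([d.update(box.subarray(12, box.length - 16)), d.final()]);
}

// Assumed KDF for this sketch: SHA-256(X25519 shared secret || ephemeral public key).
function queryKey(privateKey, publicKey, ephDer) {
  const shared = nc.diffieHellman({ privateKey, publicKey });
  return nc.createHash('sha256').update(shared).update(ephDer).digest();
}

// Client: fresh ephemeral key pair and fresh response key for every single query.
function clientSeal(targetPub, query) {
  const eph = nc.generateKeyPairSync('x25519');
  const ephDer = eph.publicKey.export({ type: 'spki', format: 'der' }); // 44 bytes
  const respKey = nc.randomBytes(32);
  const key = queryKey(eph.privateKey, targetPub, ephDer);
  const blob = Buffer.concat([ephDer, seal(key, Buffer.concat([respKey, query]))]);
  return { blob, respKey };
}

// Target: only the holder of targetPriv recovers the query and the response key.
function targetAnswer(targetPriv, blob, resolve) {
  if (blob.length < 44 + 28 + 32) throw new Error('short blob');
  const ephDer = blob.subarray(0, 44);
  const ephPub = nc.createPublicKey({ key: ephDer, format: 'der', type: 'spki' });
  const pt = open(queryKey(targetPriv, ephPub, ephDer), blob.subarray(44));
  return seal(pt.subarray(0, 32), resolve(pt.subarray(32)));
}

// Constructed run: the proxy relays `blob` and the reply without being able to read either.
function demo() {
  const target = nc.generateKeyPairSync('x25519');
  const query = Buffer.from('example.com. IN A'); // stand-in for a DNS wire message
  const { blob, respKey } = clientSeal(target.publicKey, query);
  let targetSaw;
  const reply = targetAnswer(target.privateKey, blob, (q) => { targetSaw = q; return Buffer.from('192.0.2.1'); });
  return { proxyLeak: blob.includes(query), targetSaw: targetSaw.toString(), answer: open(respKey, reply).toString() };
}
console.log(demo());
```

The proxy knows who is asking but holds only `blob`; the target reads the query but never learns who sent it.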