[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #30753 [Applications/Tor Browser]: Think about using DNS over HTTPS for Tor Browser 9
#30753: Think about using DNS over HTTPS for Tor Browser 9
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff68-esr | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by teor):
Replying to [comment:3 arma]:
> What would "using DoH" look like here?
>
> If Tor clients are doing it themselves, then two more cons include:
> * Several more round-trips across the Tor network for each web request,
which would seem to be a huge performance penalty.
> * Most every circuit will also include (start with?) a stream to a known
destination, which would be...confusing in terms of anonymity but it
doesn't strike me as good.
>
> If the exit relays are doing DoH on their own in order to resolve
addresses that the clients ask for on the exit circuits, that seems much
more workable to me, because it would let the exit relay cache and reuse
answers for a while across all requestors, and because it would remove the
need for the full Tor network round-trips just to do a resolve. But then
it would become a different sort of ticket, more like "encourage Tor exit
relay operators to change their local dns resolver to use a DoH option."
We could also build a DoH library into tor, and use it by default on tor
exits.
But I don't know if the ecosystem is there yet. At this time, I'd be
worried about single points of failure.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30753#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs