“Cloudflare, Apple, and Fastly have co-designed and proposed a new DNS standard to tackle ongoing privacy issues associated with DNS,” reports ZDNet.
Cloudflare calls it “a practical approach for improving privacy” that “aims to improve the overall adoption of encrypted DNS protocols without compromising performance and user experience…”
Third-parties, such as ISPs, find it more difficult to trace website visits when DNS over HTTPS (DoH) is enabled. DoH deployment is on the cards for many major browser providers, although rollout plans are ongoing. Now, Oblivious DNS over HTTPS (ODoH) has been proposed by Cloudflare — together with partners PCCW Global, Surf, and Equinix — to improve on these models by adding an additional layer of public key encryption and a network proxy…
The overall aim of ODoH is to decouple client proxies from resolvers. A network proxy is inserted between clients and DoH servers — such as Cloudflare’s 1.1.1.1’s public DNS resolver — and the combination of both this and public key encryption “guarantees that only the user has access to both the DNS messages and their own IP address at the same time,” according to Cloudflare… “The client behaves as it does in DNS and DoH, but differs by encrypting queries for the target, and decrypting the target’s responses…”
Test clients for the code have been provided to the open source community to encourage experimentation with the proposed standard. It can take years before support is enabled by vendors for new DNS standards, but Eric Rescorla, Firefox’s CTO, has already indicated that Firefox will “experiment” with ODoH.
of this story at Slashdot.
Source:: Slashdot