文档介绍:DNS加密协议发展及部署现状
刘保君
清华大学网络科学与网络空间研究院
2020年08月12日
An End-to-End, Large-Scale
Measurement of DNS-over-Encryption:
How Far Have We Come?
Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan,
Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, Jianping Wu
Domain Name System
The start of Internet activities.
...which says a lot about you. ?
? ?
DNS Client Resolver ?
Authoritative
server
3
DNS Privacy
Where are the risks?
Rogue
server
Eavesdropper
DNS Client Resolver
MITM
interception Authoritative
server
4
DNS Privacy
People could be watching our queries.
RFC 7626 on
DNS privacy
The MORECOWBELL
surveillance program
of NSA
5
DNS Privacy
People could be watching our queries.
And do stuff like:
Device
Fingerprinting
[Chang ’15]
User User behavior
Tracking Analysis
[Kirchler ’16] [Kim ’15]
6
DNS Privacy: What Has Been Done?
Three IETF WGs.
Three standardized protocols.
More implementations and tests coming...
I