Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/david_chisnall/statuses/113158298191498780">David Chisnall (david_chisnall@infosec.exchange)'s status on Wednesday, 18-Sep-2024 21:27:59 JST</a><a href="https://infosec.exchange/@david_chisnall" title="david_chisnall@infosec.exchange"><img src="https://gnusocial.jp/avatar/241214-48-20240302204654.webp" width="48" height="48" alt="David Chisnall" style="position: absolute; left: 0; top: 0;">David Chisnall</a><div><a href="https://friedcheese.us/objects/7cd9f8d1-43e9-4674-92de-73ad6e8e7c59" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://friedcheese.us/users/feld" rel="nofollow noreferrer">@feld</a> I wanted to build a DNS resolver with CCF (distributed key-value store that ran in SGX enclaves and other TEEs). The clients would be able to get a remote attestation that they were connected to a server that ran a specific version of the server code. The network would be able to send queries to authoritative servers from any node, maintain an internal cache, and do spurious lookups to make it hard to attack with traffic analysis.</p><p>I think this would meet the requirements for DNS encryption.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3685604#notice-7225585">In conversation</a><time datetime="2024-09-18T21:27:59+09:00" title="Wednesday, 18-Sep-2024 21:27:59 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@david_chisnall/113158298191498780" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@david_chisnall/113158298191498780">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
David Chisnall (david_chisnall@infosec.exchange)'s status on Wednesday, 18-Sep-2024 21:27:59 JSTDavid Chisnall
in reply to
- feld
@feld I wanted to build a DNS resolver with CCF (distributed key-value store that ran in SGX enclaves and other TEEs). The clients would be able to get a remote attestation that they were connected to a server that ran a specific version of the server code. The network would be able to send queries to authoritative servers from any node, maintain an internal cache, and do spurious lookups to make it hard to attack with traffic analysis.
I think this would meet the requirements for DNS encryption.
In conversationabout 2 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice