tldr, it’s “oblivious” in that there is a 1-hop proxy that swears they would never collude with the recursor that sees the request content.
Is there some guarantee on that swearing bit?
none whatsoever; how could there be? (don’t say SGX 🤣)
and the companies who wrote this proposal are all US-based companies that definitely receive and comply with secret orders to surveil their users on a regular basis. so, this is yet another privacy proposal designed with room for FVEY to circumvent it.
Sooooo we’ve come full circle? From recursive DNS to recursive DoH? :P
except this new intermediary server role (“oblivious proxy”) exists for privacy, and cannot do any caching since it can’t see the queries. (the “oblivious target” is a recursive resolver like normal, which can still cache… it just doesn’t learn the client’s IP under this system.)
