Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]
Bill Woodcock <woody@pch.net> Wed, 10 June 2020 14:16 UTC
Return-Path: <woody@pch.net>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A183A08D5 for <dns-privacy@ietfa.amsl.com>; Wed, 10 Jun 2020 07:16:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GE9kdmQfKK1Z for <dns-privacy@ietfa.amsl.com>; Wed, 10 Jun 2020 07:16:48 -0700 (PDT)
Received: from mail.pch.net (keriomail.pch.net [206.220.231.84]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02BB53A08CA for <dns-privacy@ietf.org>; Wed, 10 Jun 2020 07:16:46 -0700 (PDT)
X-Footer: cGNoLm5ldA==
Received: from [10.19.48.14] ([69.166.14.2]) by mail.pch.net (Kerio Connect 9.2.7 patch 3) with ESMTPS (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)) for dns-privacy@ietf.org; Wed, 10 Jun 2020 07:16:44 -0700
From: Bill Woodcock <woody@pch.net>
Content-Type: multipart/signed; boundary="Apple-Mail=_EC44C703-8CCB-470A-9319-A35B4E122AEF"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Wed, 10 Jun 2020 16:16:40 +0200
References: <CAHPuVdVJ2_DoPpb5C2ET8kEzvfDHACPNQP-2r__sVTQ76WmL4w@mail.gmail.com> <EF30ADBD-3EFA-4224-8828-C6E019F03887@nohats.ca> <CAHPuVdVB9jFLgTaj6s4Qk9i-Devi4qcnbT57BLvsFAjFnr19YQ@mail.gmail.com>
To: dns-privacy@ietf.org
In-Reply-To: <CAHPuVdVB9jFLgTaj6s4Qk9i-Devi4qcnbT57BLvsFAjFnr19YQ@mail.gmail.com>
Message-Id: <770C946C-77AE-4D40-A507-2EF3C003D805@pch.net>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/7yIdFqGjWQTDK4wKaUecLSJUe9s>
Subject: Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2020 14:16:50 -0000
>>> > The more I think about all the privacy leaks that have to be plugged at the DNS and application layers, Tor increasingly looks better as a general purpose solution (either as a network to funnel DNS messages through, or even better, having zone operators locate authority servers inside Tor as hidden services). It has a significant performance cost, but real privacy always does. >> You don’t really mean tor, but you mean a shared pool of resolvers used by a large group that breaks the one on one relationship between queries and answers. It’s fine if we connect to that using DoT or DoH. > Well, not as good as Tor's onion routing, or real mix networks, but that would be a step in the right direction. How does this differ from the two already-competing “oblivious DNS” proposals? I’m generally for them, but to actually offer any security, they require that the ingress and egress nodes be operated by different parties. Which is fine for _me_, as long as I can find a counterparty, but what about for someone else, who needs to find two parties, and needs some way to ensure that they’re not in cahoots? Anyway, I like the idea, but I haven’t yet seen any proposals that get much beyond hand-waving about the practical aspects. -Bill
- [dns-privacy] [Fwd: New Version Notification for … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Mikael Abrahamsson
- Re: [dns-privacy] [Fwd: New Version Notification … Jeremy Harris
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Petr Špaček
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Christian Huitema
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Ondřej Surý
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Ben Schwartz
- Re: [dns-privacy] [Fwd: New Version Notification … Petr Špaček
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Ben Schwartz
- Re: [dns-privacy] [Fwd: New Version Notification … Tony Finch
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Ben Schwartz
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Stephen Farrell
- Re: [dns-privacy] [Fwd: New Version Notification … Petr Špaček
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Shumon Huque
- Re: [dns-privacy] [Fwd: New Version Notification … Eric Rescorla
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Eric Rescorla
- Re: [dns-privacy] [Fwd: New Version Notification … Ben Schwartz
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Petr Špaček
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Tony Finch
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Paul Wouters
- Re: [dns-privacy] [Fwd: New Version Notification … Christian Huitema
- Re: [dns-privacy] [Fwd: New Version Notification … Peter van Dijk
- [dns-privacy] re-evaluation of the draft, was Re:… Paul Wouters
- Re: [dns-privacy] re-evaluation of the draft, was… Robin Geuze
- Re: [dns-privacy] re-evaluation of the draft, was… Shumon Huque
- Re: [dns-privacy] re-evaluation of the draft, was… Peter van Dijk
- Re: [dns-privacy] re-evaluation of the draft, was… Shumon Huque
- Re: [dns-privacy] NS names, was re-evaluation of … John Levine
- Re: [dns-privacy] NS names, was re-evaluation of … Shumon Huque
- Re: [dns-privacy] re-evaluation of the draft, was… Paul Wouters
- Re: [dns-privacy] NS names, was re-evaluation of … Christian Huitema
- Re: [dns-privacy] re-evaluation of the draft, was… Peter van Dijk
- Re: [dns-privacy] NS names, was re-evaluation of … Shumon Huque
- Re: [dns-privacy] NS names, was re-evaluation of … Paul Wouters
- Re: [dns-privacy] NS names, was re-evaluation of … Shumon Huque
- Re: [dns-privacy] NS names, was re-evaluation of … Bill Woodcock
- Re: [dns-privacy] NS names, was re-evaluation of … Shumon Huque
- Re: [dns-privacy] NS names, was re-evaluation of … Bill Woodcock
- Re: [dns-privacy] NS names, was re-evaluation of … John R Levine
- Re: [dns-privacy] NS names, was re-evaluation of … Brian Dickson
- Re: [dns-privacy] bootstrapping NS names, was re-… John Levine
- Re: [dns-privacy] bootstrapping NS names, was re-… Brian Dickson
- Re: [dns-privacy] bootstrapping NS names, was re-… John R Levine