Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

Bill Woodcock <woody@pch.net> Wed, 10 June 2020 14:16 UTC

From: Bill Woodcock <woody@pch.net>
Date: Wed, 10 Jun 2020 16:16:40 +0200
References: <CAHPuVdVJ2_DoPpb5C2ET8kEzvfDHACPNQP-2r__sVTQ76WmL4w@mail.gmail.com> <EF30ADBD-3EFA-4224-8828-C6E019F03887@nohats.ca> <CAHPuVdVB9jFLgTaj6s4Qk9i-Devi4qcnbT57BLvsFAjFnr19YQ@mail.gmail.com>
To: dns-privacy@ietf.org
In-Reply-To: <CAHPuVdVB9jFLgTaj6s4Qk9i-Devi4qcnbT57BLvsFAjFnr19YQ@mail.gmail.com>
Message-Id: <770C946C-77AE-4D40-A507-2EF3C003D805@pch.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/7yIdFqGjWQTDK4wKaUecLSJUe9s>
Subject: Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

>>> > The more I think about all the privacy leaks that have to be plugged at the DNS and application layers, Tor increasingly looks better as a general purpose solution (either as a network to funnel DNS messages through, or even better, having zone operators locate authority servers inside Tor as hidden services). It has a significant performance cost, but real privacy always does.

>> You don’t really mean Tor, but you mean a shared pool of resolvers used by a large group that breaks the one-on-one relationship between queries and answers. It’s fine if we connect to that using DoT or DoH.

> Well, not as good as Tor's onion routing, or real mix networks, but that would be a step in the right direction.

How does this differ from the two already-competing “oblivious DNS” proposals?

I’m generally for them, but to actually offer any security, they require that the ingress and egress nodes be operated by different parties.  Which is fine for _me_, as long as I can find a counterparty, but what about for someone else, who needs to find two parties, and needs some way to ensure that they’re not in cahoots?  Anyway, I like the idea, but I haven’t yet seen any proposals that get much beyond hand-waving about the practical aspects.

                                -Bill
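The split-trust property Bill is describing, and why it collapses when ingress and egress are "in cahoots", can be made concrete with a small simulation. This is an added example written for this archive page; it is not code from the thread, from any oblivious-DNS draft, or from PCH. The query encryption is a constructed HMAC-keystream stand-in for the public-key (HPKE) encryption real designs use, present only so the proxy genuinely cannot read the query; the addresses, names and queries are constructed sample values.

```python
"""
Toy model of an "oblivious DNS" deployment:

  client --(client IP, encrypted query)--> proxy (ingress)
         --(proxy IP, encrypted query)--> target (egress)

The proxy learns who asked but not what; the target learns what was asked
but not by whom. The logs each side keeps show exactly that split, and
collude() shows that the two logs join trivially on the ciphertext the
proxy forwarded unchanged, which is why the two roles must be run by
operators that will not pool their logs.
"""
import hashlib
import hmac
import secrets

# --- constructed stand-in for HPKE (NOT a real cipher; illustration only) ---
# All clients and the target share SAMPLE_KEY, which plays the role of the
# target's public key in a real design. The proxy never holds it.
SAMPLE_KEY = b"constructed-target-key-for-example"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt with a fresh random nonce; output = nonce || ciphertext."""
    nonce = secrets.token_bytes(16)
    return nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))


def open_(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return _xor(body, _keystream(key, nonce, len(body)))


# --- the two parties -------------------------------------------------------
class Target:
    """Egress: decrypts and answers. Sees query names, sees only the proxy's address."""

    def __init__(self, key: bytes):
        self.key = key
        self.log = []

    def handle(self, from_addr: str, blob: bytes) -> bytes:
        qname = open_(self.key, blob).decode()
        self.log.append({"from": from_addr, "blob": blob.hex(), "qname": qname})
        return seal(self.key, b"answer-for-" + qname.encode())


class Proxy:
    """Ingress: forwards opaque blobs. Sees client addresses, never the query."""

    def __init__(self, addr: str, target: Target):
        self.addr = addr
        self.target = target
        self.log = []

    def handle(self, client_addr: str, blob: bytes) -> bytes:
        # Logging the blob is what makes collusion trivial later on.
        self.log.append({"client": client_addr, "blob": blob.hex()})
        return self.target.handle(self.addr, blob)


# Constructed sample traffic: (client address, query name).
SAMPLE_QUERIES = [
    ("198.51.100.7", "www.example"),
    ("203.0.113.9", "mail.example"),
    ("198.51.100.7", "secret.example"),
]
PROXY_ADDR = "192.0.2.10"


def run(queries, key: bytes):
    """Drive the sample queries through proxy and target; return both logs."""
    target = Target(key)
    proxy = Proxy(PROXY_ADDR, target)
    for client_addr, qname in queries:
        proxy.handle(client_addr, seal(key, qname.encode()))
    return proxy.log, target.log


def collude(proxy_log, target_log):
    """What a single operator of both roles (or two pooling logs) recovers:
    the full client -> query mapping, joined on the forwarded ciphertext."""
    qname_by_blob = {e["blob"]: e["qname"] for e in target_log}
    return [(e["client"], qname_by_blob[e["blob"]]) for e in proxy_log]


if __name__ == "__main__":
    plog, tlog = run(SAMPLE_QUERIES, SAMPLE_KEY)
    print("proxy sees :", [(e["client"], e["blob"][:8] + "...") for e in plog])
    print("target sees:", [(e["from"], e["qname"]) for e in tlog])
    print("colluding  :", collude(plog, tlog))
```

The join key here is the ciphertext itself, but arrival order or timestamps would serve just as well, so "do not log the blob" is not a sufficient fix on its own; the operational property the design rests on is that the proxy operator and the target operator are distinct and will not correlate, which is precisely the part a user has no way to verify from the outside.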