Re: [dns-privacy] Trying to understand DNS resolver 'discovery'
Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 26 November 2019 18:13 UTC
Return-Path: <stephane@sources.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 622DF120A57 for <dns-privacy@ietfa.amsl.com>; Tue, 26 Nov 2019 10:13:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9pOdiJCas8wt for <dns-privacy@ietfa.amsl.com>; Tue, 26 Nov 2019 10:13:09 -0800 (PST)
Received: from ayla.bortzmeyer.org (ayla.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fe27:3d3f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AC8D120A41 for <dns-privacy@ietf.org>; Tue, 26 Nov 2019 10:13:09 -0800 (PST)
Received: by ayla.bortzmeyer.org (Postfix, from userid 10) id 379C6A02A0; Tue, 26 Nov 2019 19:13:08 +0100 (CET)
Received: by mail.sources.org (Postfix, from userid 1000) id 613E1C9571; Tue, 26 Nov 2019 19:08:13 +0100 (CET)
Date: Tue, 26 Nov 2019 19:08:13 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, dns-privacy@ietf.org
Message-ID: <20191126180812.GB4452@sources.org>
References: <CAMm+Lwig+90Riqav6BT6D-0n4pZJFgAr3p996Q+qXJSPt0kqBQ@mail.gmail.com> <CAH1iCirHc4QFGYo_R-4TzWL2Q7G9XFj-6YKsvKsQS4dkx0-C2w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAH1iCirHc4QFGYo_R-4TzWL2Q7G9XFj-6YKsvKsQS4dkx0-C2w@mail.gmail.com>
X-Transport: UUCP rules
X-Operating-System: Debian GNU/Linux 10.1
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/JUoFBIVbCxZngDB6g4l-KQAJ-wY>
Subject: Re: [dns-privacy] Trying to understand DNS resolver 'discovery'
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2019 18:13:11 -0000
On Tue, Nov 26, 2019 at 09:51:14AM -0800, Brian Dickson <brian.peter.dickson@gmail.com> wrote a message of 98 lines which said: > However, if the only place the client is able to establish an > encrypted path to is a forwarder, this leave open the possibility > that the forwarder->(forwarder->[...])->resolver might involve one > or more unencrypted connections. I'm not sure I understand the problem. This case is just an instance of a more general problem "the machine you talk with may betray you and no amount of cryptography will help here". The resolver can send a copy of all your requests to the NSA (or its chinese equivalent), or it could use a forwarder over an unencrypted connection. What's the difference?
- [dns-privacy] Trying to understand DNS resolver '… Phillip Hallam-Baker
- Re: [dns-privacy] Trying to understand DNS resolv… Brian Dickson
- Re: [dns-privacy] Trying to understand DNS resolv… Stephane Bortzmeyer
- Re: [dns-privacy] Trying to understand DNS resolv… Stephane Bortzmeyer
- Re: [dns-privacy] Trying to understand DNS resolv… Brian Dickson
- Re: [dns-privacy] Trying to understand DNS resolv… Phillip Hallam-Baker
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Neil Cook
- Re: [dns-privacy] Trying to understand DNS resolv… Neil Cook
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Neil Cook
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Stephane Bortzmeyer
- Re: [dns-privacy] Trying to understand DNS resolv… Neil Cook
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Stephane Bortzmeyer
- Re: [dns-privacy] Trying to understand DNS resolv… Neil Cook
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [EXTERNAL] Re: Trying to unders… Winfield, Alister
- Re: [dns-privacy] Trying to understand DNS resolv… Livingood, Jason
- Re: [dns-privacy] Trying to understand DNS resolv… Livingood, Jason
- Re: [dns-privacy] Trying to understand DNS resolv… Andrew Campling
- Re: [dns-privacy] Trying to understand DNS resolv… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Trying to understand DNS resolv… Kenji Baheux
- Re: [dns-privacy] Trying to understand DNS resolv… Livingood, Jason
- Re: [dns-privacy] Trying to understand DNS resolv… Vittorio Bertola
- Re: [dns-privacy] [EXTERNAL] Re: Trying to unders… Winfield, Alister
- Re: [dns-privacy] [EXTERNAL] Re: Trying to unders… Phillip Hallam-Baker