Re: [dns-privacy] Private-DNS drafts
Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 19 May 2014 13:40 UTC

On Fri, May 09, 2014 at 05:38:46PM -0400, Phillip Hallam-Baker <hallam@gmail.com> wrote a message of 120 lines which said:

> * A General requirements draft for DNS privacy and related security
> * concerns

In this message, I'll talk only about this one, draft-hallambaker-dnse-01.

Good idea to try to have a "requirements" document between the "privacy considerations" document and the various "solution" documents.

However, I find that the requirements expressed in draft-hallambaker-dnse are too general: for instance, "[R-C-ACTIVE] Prevent or mitigate disclosure of request and response data against an active attacker on every contact" is nice but seems very difficult to achieve, and the draft does not mention the costs or the tradeoffs (except the last sentence of "security considerations").

Also, I find that a requirement is missing: "limiting, to the maximum extent possible, the amount of data sent to forwarders or authoritative name servers". The draft only mentions the risk of profiling (so I assume a solution allowing anonymous clients would address it). But the qnames themselves are information and sometimes personal information and we want to limit every leak.