Re: [dns-privacy] Fwd: New Version Notification for draft-dickinson-dprive-bcp-op-00.txt
Puneet Sood <puneets@google.com> Wed, 18 July 2018 02:17 UTC
From: Puneet Sood <puneets@google.com>
Date: Tue, 17 Jul 2018 22:17:10 -0400
Message-ID: <CA+9_gVtjeOFvYSdo4yCRFFuR-M5fx09ZPC7Sv7rGjJJePF4xfw@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/RHwTLkrFGLbmwL8XUkd2RI4FOt4>

** Comments

* Section 5.3.1

> If operators do offer a service that sends the ECS options upstream
> they should use the shortest prefix that is operationally feasible
> (NOTE: the authors believe they will be able to add a reference for
> advice here soon) and ideally use a policy of whitelisting upstream
> servers to send ECS to in order to minimize data leakage. Operators
> should make clear in any policy statement what prefix length they
> actually send and the specific policy used.

Whitelisting instead of automatically detecting ECS on authoritative
servers has much more overhead.

* Section 6.2.5. Comparison

For the comparison tables [8, 9] on github, I will discuss with you
directly about Google Public DNS.

** Minor Comments

* Section 5.2.1

> Data access should be minimized to only those personal who require
> access to perform operational duties.

personal -> personnel

* Section 5.3.2

> At the time of writing there are no standardized or widely recognized
> techniques to preform such obfuscation or bulk pre-fetches.

preform -> perform

On Mon, Jul 2, 2018 at 1:59 PM Sara Dickinson <sara@sinodun.com> wrote:
>
> Hi All,
>
> An update to draft-dickinson-bcp-op (with a minor name change generating a -00 version) is now available.
>
> The major differences to draft-dickinson-bcp-op-00 are:
>
> * Reworked the Terminology, Introduction and Scope
> * Added Document section
> * Reworked the Recommendations section to describe threat mitigations, optimizations and other options.
> * Split the recommendations up into 3 subsections: on the wire, at rest and upstream
> * Added much more information on data handling and IP address pseudonymization and anonymization
> * Added more details and comparison of some existing policy/privacy policies
> * Applied virtually all of Amelia Andersdotter's suggested changes.
>
> When re-writing this draft in terms of privacy threats and mitigations it became clear that a 'bis' to RFC7626 that included threat assessments from all the privacy related work that has happened since it was written (e.g. DNS-over-TLS) would be very helpful. That bis document is also now available (see below) and going forward the hope is that these two will be companion documents with RFC7626-bis describing the threats and the BCP describing the mitigations.
>
> When reviewing, please note that due to time constraints I haven’t managed to get the cross references to the very latest draft versions updated in the documents, but will do so when draft submission re-opens.
>
> Best regards
>
> Sara.
>
>
> Begin forwarded message:
>
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-dickinson-dprive-bcp-op-00.txt
> Date: 2 July 2018 at 18:31:13 BST
> To: "Sara Dickinson" <sara@sinodun.com>, "Benno J. Overeinder" <benno@nlnetlabs.nl>, "Benno Overeinder" <benno@NLnetLabs.nl>, "Allison Mankin" <allison.mankin@gmail.com>, "Roland M. van Rijswijk-Deij" <roland.vanrijswijk@surfnet.nl>, "Roland van Rijswijk-Deij" <roland.vanrijswijk@surfnet.nl>
>
>
> A new version of I-D, draft-dickinson-dprive-bcp-op-00.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
>
> Name: draft-dickinson-dprive-bcp-op
> Revision: 00
> Title: Recommendations for DNS Privacy Service Operators
> Document date: 2018-07-02
> Group: Individual Submission
> Pages: 32
> URL: https://www.ietf.org/internet-drafts/draft-dickinson-dprive-bcp-op-00.txt
> Status: https://datatracker.ietf.org/doc/draft-dickinson-dprive-bcp-op/
> Htmlized: https://tools.ietf.org/html/draft-dickinson-dprive-bcp-op-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-dickinson-dprive-bcp-op
>
>
> Abstract:
> This document presents operational, policy and security
> considerations for DNS operators who choose to offer DNS Privacy
> services. With the recommendations, the operator can make deliberate
> decisions which services to provide, and how the decisions and
> alternatives impact the privacy of users.
>
> This document also presents a framework to assist writers of DNS
> Privacy Policy and Practices Statements (analogous to DNS Security
> Extensions (DNSSEC) Policies and DNSSEC Practice Statements described
> in [RFC6841]).
>
>
>
>
> Begin forwarded message:
>
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-bortzmeyer-dprive-rfc7626-bis-00.txt
> Date: 2 July 2018 at 18:54:30 BST
> To: "Sara Dickinson" <sara@sinodun.com>, "Stephane Bortzmeyer" <bortzmeyer+ietf@nic.fr>
>
>
> A new version of I-D, draft-bortzmeyer-dprive-rfc7626-bis-00.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
>
> Name: draft-bortzmeyer-dprive-rfc7626-bis
> Revision: 00
> Title: DNS Privacy Considerations
> Document date: 2018-07-02
> Group: Individual Submission
> Pages: 22
> URL: https://www.ietf.org/internet-drafts/draft-bortzmeyer-dprive-rfc7626-bis-00.txt
> Status: https://datatracker.ietf.org/doc/draft-bortzmeyer-dprive-rfc7626-bis/
> Htmlized: https://tools.ietf.org/html/draft-bortzmeyer-dprive-rfc7626-bis-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-bortzmeyer-dprive-rfc7626-bis
>
>
> Abstract:
> This document describes the privacy issues associated with the use of
> the DNS by Internet users. It is intended to be an analysis of the
> present situation and does not prescribe solutions.
>
>
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
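
The Section 5.3.1 text quoted in the message above (shortest feasible prefix, ECS sent only to whitelisted upstream servers) can be shown as resolver-side logic. This is an added example, not part of the original message or of the draft; it builds the ECS option in the RFC 7871 wire format. The /24 and /56 limits, the allowlist contents and the function name are assumptions chosen for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

# Assumed policy: the longest source prefix this resolver will ever disclose.
MAX_PREFIX = {4: 24, 6: 56}

# Hypothetical allowlist of upstream authoritative servers (documentation ranges).
ECS_ALLOWLIST = {
    ipaddress.ip_address("192.0.2.53"),
    ipaddress.ip_address("2001:db8::53"),
}


def ecs_option(client_ip, upstream_ip, max_prefix=MAX_PREFIX, allowlist=ECS_ALLOWLIST):
    """Return the ECS option bytes for a query to upstream_ip, or None to omit ECS."""
    if ipaddress.ip_address(upstream_ip) not in allowlist:
        return None  # default deny: nothing about the client leaves the resolver

    client = ipaddress.ip_address(client_ip)
    prefix_len = max_prefix[client.version]

    # strict=False zeroes every bit beyond prefix_len, including the
    # trailing bits of a final octet when the prefix is not octet-aligned.
    network = ipaddress.ip_network(f"{client}/{prefix_len}", strict=False)

    # Only the octets needed to cover the prefix are sent on the wire.
    n_octets = (prefix_len + 7) // 8
    address = network.network_address.packed[:n_octets]

    family = 1 if client.version == 4 else 2  # 1 = IPv4, 2 = IPv6
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (always 0 in queries)
    body = struct.pack("!HBB", family, prefix_len, 0) + address
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body
```

The prefix length passed in `max_prefix` is the value an operator would publish in its policy statement, as the quoted text asks.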