Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 31 March 2021 09:22 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A33F63A2179 for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 02:22:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qhsnPRwFtQhk for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 02:22:43 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [IPv6:2001:67c:2218:2::4:12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 874483A2177 for <dprive@ietf.org>; Wed, 31 Mar 2021 02:22:43 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 0D1E0281398; Wed, 31 Mar 2021 11:22:42 +0200 (CEST)
Received: by mx4.nic.fr (Postfix, from userid 500) id 056052813AF; Wed, 31 Mar 2021 11:22:42 +0200 (CEST)
Received: from relay01.prive.nic.fr (relay01.prive.nic.fr [IPv6:2001:67c:2218:15::11]) by mx4.nic.fr (Postfix) with ESMTP id F1CCE281398; Wed, 31 Mar 2021 11:22:41 +0200 (CEST)
Received: from b12.nic.fr (b12.users.prive.nic.fr [10.10.86.133]) by relay01.prive.nic.fr (Postfix) with ESMTP id ECF9C60911A0; Wed, 31 Mar 2021 11:22:41 +0200 (CEST)
Received: by b12.nic.fr (Postfix, from userid 1000) id DB1833FE9E; Wed, 31 Mar 2021 11:22:16 +0200 (CEST)
Date: Wed, 31 Mar 2021 11:22:16 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Erik Kline <ek.ietf@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Eric Rescorla <ekr@rtfm.com>, "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>, "dprive@ietf.org" <dprive@ietf.org>, Rob Sayre <sayrer@gmail.com>
Message-ID: <20210331092216.GC10597@nic.fr>
References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <CAMGpriX5rbswMQnjh4gZqsLjh2xUJxjJVxe2rEAVu=RdLAbGFw@mail.gmail.com> <CABcZeBOntrAqq_bVL-y-BP0DZLvYmVMkvKqi8K0D_SFqAfCVXg@mail.gmail.com> <96c2475d-ad93-a442-2003-db6f8782e450@cs.tcd.ie> <CAMGpriXdU7_mJh8CQvSiZGQaDUD9aZF=0iYu0yKBS06khAHgng@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAMGpriXdU7_mJh8CQvSiZGQaDUD9aZF=0iYu0yKBS06khAHgng@mail.gmail.com>
X-Operating-System: Debian GNU/Linux 10.8
X-Kernel: Linux 4.19.0-14-amd64 x86_64
X-Charlie: Je suis Charlie
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Bogosity: No, tests=bogofilter, spamicity=0.000187, version=1.2.2
X-PMX-Version: 6.4.9.2830568, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2021.3.31.91215, AntiVirus-Engine: 5.82.0, AntiVirus-Data: 2021.3.31.5820001
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/V8pvRhwUr-oyYWzR_NUjT6T3nBc>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 09:22:45 -0000

On Tue, Mar 30, 2021 at 05:53:59PM -0700,
 Erik Kline <ek.ietf@gmail.com> wrote 
 a message of 111 lines which said:

> I think, "IN NS com." doesn't reveal much information.  But perhaps
> "IN NS sensitive-tld." could have privacy implications for some
> folks?

ir? cu? gay?

Also, while com/NS will be in the resolver's cache most of the time,
some small TLDs won't, so the request may be more easily correlated
with other activity.