IETF Logo Mail Archive

[dns-privacy] draft-ietf-dprive-phase2-requirements: The User Perspective and Use Cases

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 19 March 2021 11:10 UTC

Return-Path: <shollenbeck@verisign.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFDDF3A0E6B for <dns-privacy@ietfa.amsl.com>; Fri, 19 Mar 2021 04:10:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tUkmPoXsWQhc for <dns-privacy@ietfa.amsl.com>; Fri, 19 Mar 2021 04:10:48 -0700 (PDT)
Received: from mail2.verisign.com (mail2.verisign.com [72.13.63.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78FC43A0E6A for <dprive@ietf.org>; Fri, 19 Mar 2021 04:10:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=1797; q=dns/txt; s=VRSN; t=1616152248; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=LzJ0hpA+o34LG8XNlYDhvvp7jLx0Jm0zEFjSD9SV/qM=; b=Q9vGeQt3GmoM2ZrYDz4tN1rbRtHff2jrOSmKJtJIvIyvYrRdTcFBl1DE IXMoRdC50q8hJZPTt2J8OYZW4+WtrMwF85OfRtv5t5rAi9cN3nY9PVcb9 on9OxXvF2RNbyKRiT/PxIIFoaPKr8LsB50vUNm6lTrndRDHc00OgxwKV7 23IwS9Im0rSn8nDRTgxUTt9jS1y+NX2ymJHsUU48ClcTp2Ff13dL4+9XA idpaQHrsm3mY8U0i5nSBeYR2xzs3iesd+EvdIbALtC1psiOi2oDw0jlVy 5d0Q6RPlYApExtxwF8Mo4Y/pXv7zXvAl5lhurXjgEMOffvKLEkvarOBpd w==;
IronPort-SDR: bOJ0efYxocwz41db3TNrnpX5WkVSfD5iSM6caahkJTDvH7F/PIJG8XANsgHJRnB/sVv7pGb8m7 ROffLLj3bLn9JeeEWsa6EGsY1BZ6VlWw0HodsQInRkH5U2xmPBINhMhNKo4V9NUl1Q79M46JLk GMCo9T7uuJTospq0yLwniv72KXuo8crfeFT/MZQzDNai0pjXPa+2NdC4u8K2eq03YqexWoMKcJ AiRjt4wOui/9DAvLU8pcluxNe5BZ56wwJaN39rZmHXlntyzbCX4BfaKNLdkZedZlJZqcetHAUZ msQ=
IronPort-HdrOrdr: A9a23:y1/CJa4SCtHjTJZL4gPXwF/XdLJzesId70hD6mlaTxtJfsuE0/ 20lPMA2hPuzBoXUncsmdePUZPwJE/035hz/IUXIPOeTBDr0VHYTr1KwIP+z1TbexHW2fVa0c 5bHZRWLP3VIRxEgd3h4A++euxO/PC9/KqlhfjTwh5WJGlXQpt95AR0ABvzKDwUeCB6A/MCda a0145oqz2tYnwLYsn+LWltZYT+juyOsJ79exYJC1oE5Bnmt1mVwY+/NxSDxB8RX3d03LE4/Q H+/jDR/Km5rP2h8BPa2lLS65g+orDc9uc=
X-IronPort-AV: E=Sophos;i="5.81,261,1610409600"; d="scan'208";a="5521339"
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Fri, 19 Mar 2021 07:10:46 -0400
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.2176.009; Fri, 19 Mar 2021 07:10:46 -0400
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: draft-ietf-dprive-phase2-requirements: The User Perspective and Use Cases
Thread-Index: AdccsGYrdqLwH3WvQl6guRcy0JfyLQ==
Date: Fri, 19 Mar 2021 11:10:46 +0000
Message-ID: <edd165f702ad4a9c87c70fdf28057835@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/cKQfRfv6uM8D_suXJkSj2GdJGYk>
Subject: [dns-privacy] draft-ietf-dprive-phase2-requirements: The User Perspective and Use Cases
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 11:10:50 -0000

Section 9.1 of draft-ietf-dprive-phase2-requirements currently contains this text:

"As recursors typically forwards queries received from the user to authoritative servers.  This creates a transitive trust between the user and the recursor, as well as the authoritative server, since information created by the user is exposed to the authoritative server.  However, the user never has a chance to identify what data was exposed to which authoritative party (via which path).

Also, Users would want to be informed about the status of the connections which were made on their behalf, which adds a fourth point

Encryption/privacy status signaling

*TODO*: Actual requirements - what do users "want"?  Start below:"

I'm not sure there's much to be added here since users currently have no ability to pick and choose services that a recursive resolver negotiates with an authoritative name server. The user can pick a recursive resolver based on the set of services it provides, and that's about it. I'd like to suggest that we replace the above text with something like the following:

"Recursive resolvers typically act as intermediaries.  They forward queries received from users to authoritative servers without any configurable and/or measurable interaction between the user and the authoritative name servers. As when making requests through other intermediaries, users do not necessarily have the ability to identify information that is disclosed by the intermediary to other service provider, i.e., an authoritative server in this case. As such,
users should simply choose a recursor that provides a set of services that best meets the user's need for information protection, along with other considerations."

Scott

v2.23.0 | Report a Bug | By Email