Re: [dns-privacy] Last Call: <draft-ietf-dprive-rfc7626-bis-03.txt> (DNS Privacy Considerations) to Informational RFC
S Moonesamy <sm+ietf@elandsys.com> Thu, 02 January 2020 08:38 UTC
Return-Path: <sm@elandsys.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA61E12001E; Thu, 2 Jan 2020 00:38:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.697
X-Spam-Level:
X-Spam-Status: No, score=-1.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=elandsys.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2_MBbCgB0FQ; Thu, 2 Jan 2020 00:38:04 -0800 (PST)
Received: from mx.elandsys.com (mx.elandsys.com [162.213.2.210]) by ietfa.amsl.com (Postfix) with ESMTP id 010F9120048; Thu, 2 Jan 2020 00:38:00 -0800 (PST)
Received: from DESKTOP-K6V9C2L.elandsys.com ([102.116.121.2]) (authenticated bits=0) by mx.elandsys.com (8.15.2/8.14.5) with ESMTPSA id 0028biph027851 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 2 Jan 2020 00:37:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1577954279; x=1578040679; i=@elandsys.com; bh=o1ON7u/K+81IXGwJnj5vU1rpTBPhgMmoynA6yTYhym0=; h=Date:To:From:Subject:In-Reply-To:References; b=T+tltdj/ye3vMiOsDokPNwYqMo4iIEQTeKOeJMZfE3zmH2yTE4nnsZ/+7uKut9CaJ uWLnL03rxj+18mSaUJnUWRH3meohHAjjwREj4ub8HgyMj0SRPHw0Xf3CCJfBTesZUR cJbiYAZF499DOE2Uwjm3UguuaYbDb5SfY8aqmoq8=
Message-Id: <6.2.5.6.2.20200101181705.081679d0@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 01 Jan 2020 22:45:58 -0800
To: dns-privacy@ietf.org, Brian Haberman <brian@innovationslab.net>, draft-ietf-dprive-rfc7626-bis@ietf.org, dprive-chairs@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <157412591286.14148.8912544206473080519.idtracker@ietfa.ams l.com>
References: <157412591286.14148.8912544206473080519.idtracker@ietfa.amsl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/lS2BdqksRMwKYgg8McnEHEDwhlc>
Subject: Re: [dns-privacy] Last Call: <draft-ietf-dprive-rfc7626-bis-03.txt> (DNS Privacy Considerations) to Informational RFC
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jan 2020 08:38:05 -0000
Hello, There are currently four (IETF) working groups focused on DNS with three of them having privacy as part of their charter. I read draft-ietf-dprive-rfc7626-bis-03 as I was looking for a document which might be related to those topics. Section 1 of the draft has a tutorial of how DNS works. What is the audience for this draft? Section 3.1 of the draft discusses about the claim that "the data in the DNS is public". The claim is supported [1] by one of the authors of the draft. The draft states that the claim makes sense. What is the meaning of the "data in the DNS"? Does "is public" mean that the "data" is not confidential? Section 3.2 discusses what a user does and use a DNS query related to email as an example. Is the MUA expected to validated the MX RR or is it the role of the MSA? Section 3.4.1 discusses the lack of confidentiality in the design of DNSSEC and equates privacy-aware with "secured against surveillance". Mixing the pervasive monitoring and privacy aspects creates ambiguity. For example, encrypting all the entire DNS communication chain with adequate security mechanisms could mitigate pervasive monitoring concerns. However, that does not address privacy concerns as there is still entities which are able to collect and process those DNS queries for secondary purposes. The choice of resolvers was previously made by the network on which the user was connected. Recently, the Internet Engineering Steering Group approved the standardization of a mechanism so that the choice can be made by a web browser. The data from the DNS query is, with some exceptions, automatically transferred to a foreign jurisdiction. The draft mentions in Section 3.5.1.1 that the entities running networks might have a strong, medium, or weak privacy policy. However, it misses a crucial aspect with respect to privacy policies, which is the redress mechanism available to the user. Section 3.5.1.3 states that user privacy can also be at risk if the network operator blocks access to some remote recursive server. It could be argued that it might be a filtering (or censorship) technique. However, it does not have an impact on user privacy unless there is an identifier which can be traced back to the user. If I understood Section 3.5.1.5.2. correctly, the move to DNS over HTTPS created more privacy issues because HTTPS functionality was favored at the expense of privacy. Section 3.6 of the draft states that the IAB privacy and security program has some work in progress. Given that it has been over four years, could an update be provided about that work in progress? Section 5 discusses legalities within a European Union context and concluded that there are no specific laws for DNS data in any country. Did the working group conduct a worldwide study to find evidence of that? Regards, S. Moonesamy 1. http://r.elandsys.com/r/32470
- [dns-privacy] Last Call: <draft-ietf-dprive-rfc76… The IESG
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… S Moonesamy
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… Stephane Bortzmeyer
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… S Moonesamy
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… Eric Rescorla
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… Sara Dickinson
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… S Moonesamy
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… Brian Haberman
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… Sara Dickinson
- Re: [dns-privacy] Last Call: <draft-ietf-dprive-r… S Moonesamy