Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]
Shumon Huque <shuque@gmail.com> Wed, 10 June 2020 13:59 UTC
To: Paul Wouters <paul@nohats.ca>
Cc: Christian Huitema <huitema@huitema.net>, dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/wodap_Hy_KQWySWrrcJojXvbeXk>
On Wed, Jun 10, 2020 at 9:37 AM Paul Wouters <paul@nohats.ca> wrote:

> On Jun 10, 2020, at 07:55, Shumon Huque <shuque@gmail.com> wrote:
> >
> > The more I think about all the privacy leaks that have to be plugged at
> > the DNS and application layers, Tor increasingly looks better as a
> > general purpose solution (either as a network to funnel DNS messages
> > through, or even better, having zone operators locate authority servers
> > inside Tor as hidden services). It has a significant performance cost,
> > but real privacy always does.
>
> You don’t really mean tor, but you mean a shared pool of resolvers used by
> a large group that breaks the one on one relationship between queries and
> answers.
>
> It’s fine if we connect to that using DoT or DoH.

Well, not as good as Tor's onion routing, or real mix networks, but that would be a step in the right direction. But pervasive network adversaries that can observe both sides of the traffic and perform traffic correlation attacks are still a threat.

So, ideally something should be done on the authoritative server side too. If we configure zones on large shared hosting providers, then the hosting provider becomes the privacy adversary or the point of coercion.

Shumon.