Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

Shumon Huque <shuque@gmail.com> Wed, 10 June 2020 13:59 UTC

MIME-Version: 1.0
References: <CAHPuVdVJ2_DoPpb5C2ET8kEzvfDHACPNQP-2r__sVTQ76WmL4w@mail.gmail.com> <EF30ADBD-3EFA-4224-8828-C6E019F03887@nohats.ca>
In-Reply-To: <EF30ADBD-3EFA-4224-8828-C6E019F03887@nohats.ca>
From: Shumon Huque <shuque@gmail.com>
Date: Wed, 10 Jun 2020 09:59:24 -0400
Message-ID: <CAHPuVdVB9jFLgTaj6s4Qk9i-Devi4qcnbT57BLvsFAjFnr19YQ@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Christian Huitema <huitema@huitema.net>, dns-privacy@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000da49605a7bb41b5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/wodap_Hy_KQWySWrrcJojXvbeXk>
Subject: Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

On Wed, Jun 10, 2020 at 9:37 AM Paul Wouters <paul@nohats.ca> wrote:

>
> On Jun 10, 2020, at 07:55, Shumon Huque <shuque@gmail.com> wrote:
> >
> > The more I think about all the privacy leaks that have to be plugged at
> > the DNS and application layers, Tor increasingly looks better as a
> > general purpose solution (either as a network to funnel DNS messages
> > through, or even better, having zone operators locate authority servers
> > inside Tor as hidden services). It has a significant performance cost,
> > but real privacy always does.
>
> You don’t really mean Tor, but you mean a shared pool of resolvers used by
> a large group that breaks the one-on-one relationship between queries and
> answers.
>
> It’s fine if we connect to that using DoT or DoH.
>

Well, not as good as Tor's onion routing, or real mix networks, but that
would be a step in the right direction. But pervasive network adversaries
that can observe both sides of the traffic and perform traffic correlation
attacks are still a threat.

So, ideally something should be done on the authoritative server side too.
If we configure zones on large shared hosting providers, then the hosting
provider becomes the privacy adversary or the point of coercion.

Shumon.