Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edns-client-ip-00.txt

Martin Barry <marty@supine.com> Mon, 01 February 2010 15:03 UTC

Date: Tue, 02 Feb 2010 01:57:46 +1100
From: Martin Barry <marty@supine.com>
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edns-client-ip-00.txt

$quoted_author = "Ondřej Surý" ;
> 
> On 28.1.2010 21:19, Nicholas Weaver wrote:
> >The client has ALREADY given up the privacy to the third party DNS
> >resolver, the additional privacy leakage thereafter would be trivial.
> 
> I strongly disagree with this statement.  You can have all sorts of
> agreements with third party DNS resolver provider, including privacy
> agreement, etc.  This is one-to-one relationship.  On the other hand
> giving your IP address (or netblock) to random third party
> authoritative DNS providers is a different thing in my view, since
> you give your IP address/netblock to every-typo-you-make
> authoritative DNS server.

I'm not sure I understand this concern. 

A DNS request is usually followed by a connection from an application.

Given that the edns-client-ip option in the draft would apply a netmask,
surely that is providing less information to the service operator than the
subsequent connection to their service.

cheers
Marty