Re: [DNSOP] An approach to DNS privacy

Phillip Hallam-Baker <hallam@gmail.com> Sun, 09 March 2014 13:27 UTC

On Sun, Mar 9, 2014 at 6:28 AM, Florian Weimer <fw@deneb.enyo.de> wrote:

> * Phillip Hallam-Baker:
>
> > For a heavily trafficked resolver, the resolver-authoritative
> > interaction can be addressed with caching and by pre-fetching the
> > bulk of the requests.  But this approach does not work so well for
> > the lightly trafficked resolver and especially not a local resolver
> > deployed in a home network.
>
> Does encryption really make a difference there?  In most
> jurisdictions, home networks use recursive resolvers whose operators
> are required by law to provide cleartext copies to local authorities.
> Encryption won't change that.
>

The protocol is premised on the user or administrator choosing their own
resolver.

If the resolver service is provisioned by a jurisdiction outside the scope
of the legal requirements that you claim, it is null and void.


But first, cite actual legal authority because I don't believe your
interpretation of the law is remotely correct.

-- 
Website: http://hallambaker.com/