Re: [DNSOP] revisiting outstanding dicusses for 6304bis
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 24 February 2015 20:46 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B07EE1A88E5 for <dnsop@ietfa.amsl.com>; Tue, 24 Feb 2015 12:46:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d0WkzwCSHShC for <dnsop@ietfa.amsl.com>; Tue, 24 Feb 2015 12:46:51 -0800 (PST)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 177551A8737 for <dnsop@ietf.org>; Tue, 24 Feb 2015 12:46:51 -0800 (PST)
Received: by labgq15 with SMTP id gq15so28611650lab.6 for <dnsop@ietf.org>; Tue, 24 Feb 2015 12:46:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xjcOopjj8fl4fURE7ZxpaTzDy4NB14X4E0vgzRjDJeY=; b=k0yhqQfS7GAQjfjR6aHdiPrneYcig6FEQ7ZrwaDTavhkVo4D016EVTMiCbUfYEoe3J fTwXrogGcd66RfWxtC7GaJx1Wggm7SQ3FKTr4dCOrBoMkjCDCKlZCMVrBRkgoSpdX/Yf 0cee7heEnxjPUWAaP+ONcoEah4tWffulio/vnXFg5fK3BH4nfFCBuDHoFp+dgyQbWPt0 X513/32ceQG4DarO+HFwI/UEvBlKHOImVP2lzdCJOwsp9AJvP5wAXJbJ/bQi50fksrFO vtmklZdh2eOgxcWAhn7D96VeT+n2eOaEi6T5Jgtr4+LE2e9/i0ip2K5msHmypq5R/UpF FR6A==
MIME-Version: 1.0
X-Received: by 10.112.97.106 with SMTP id dz10mr15964037lbb.4.1424810809580; Tue, 24 Feb 2015 12:46:49 -0800 (PST)
Received: by 10.112.167.101 with HTTP; Tue, 24 Feb 2015 12:46:49 -0800 (PST)
In-Reply-To: <20150224202853.GN1801@mx1.yitter.info>
References: <54A83AFC.4030103@bogus.com> <54EA134D.9020108@bogus.com> <CAHbuEH4t11KvyX-TwW3ZncbA97GEfzvEphaArORsG6hBdZ1ZGg@mail.gmail.com> <F67319C3-66A1-4659-8B12-72F2D5ABBE88@vpnc.org> <CAHbuEH4yRxPZwDNjq8T2bBoPyUp0TaizuftL6HPYfX6eKc92fg@mail.gmail.com> <7232B70E-D9F3-43BD-9DB1-2908A80E9404@bogus.com> <20150224202853.GN1801@mx1.yitter.info>
Date: Tue, 24 Feb 2015 15:46:49 -0500
Message-ID: <CAHbuEH75D7L0F1xXeZ0h9Z4d0XbjfUiF9SLwLSVNjg7uDJB3aA@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Content-Type: multipart/alternative; boundary="001a11345b122d601b050fdb9eb3"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/L0gI2hNDR5mL3xe0qN2m7m0wy1Y>
X-Mailman-Approved-At: Tue, 24 Feb 2015 13:59:14 -0800
Cc: Joel Jaeggli <joelja@bogus.com>, "draft-ietf-dnsop-rfc6304bis@tools.ietf.org" <draft-ietf-dnsop-rfc6304bis@tools.ietf.org>, dnsop <dnsop@ietf.org>, "dnsop-chairs@tools.ietf.org" <dnsop-chairs@tools.ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] revisiting outstanding dicusses for 6304bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2015 20:46:52 -0000
On Tue, Feb 24, 2015 at 3:28 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote: > On Tue, Feb 24, 2015 at 12:06:06PM -0800, Joel Jaeggli wrote: > > Should we consider recommendations with respect to treatment of logging > or storage of queries or the extent to which such queries should be > protected? > > > > IMO, No. The text as it stands says, "This could result in logs." > There are lots of operational reasons to log, and the fact that your > leaking queries could result in information about your system being > made public is a reason _not to leak_ in the first place. That has > nothing to do with operating AS112, which is infrastructure to sink > traffic that never should have made it to the Net in the first place. > > Fair point. I asked for it as an educational point, which hopefully the operators know to protect logs already. I'm sure the folks leaking DNS data don't have a clue their queries are going out, may be logged, and wouldn't know they were supposed to fix this leakage (or how) it unless someone told them. I'll remove the discuss based on the updated text. Thank you. Kathleen > Best regards, > > A > > > -- > Andrew Sullivan > ajs@anvilwalrusden.com > -- Best regards, Kathleen
- Re: [DNSOP] revisiting outstanding dicusses for 6… Joel Jaeggli
- Re: [DNSOP] revisiting outstanding dicusses for 6… Andrew Sullivan
- Re: [DNSOP] revisiting outstanding dicusses for 6… joel jaeggli
- Re: [DNSOP] revisiting outstanding dicusses for 6… Kathleen Moriarty