Re: [DNSOP] DNS privacy : now at least two drafts

Florian Weimer <fw@deneb.enyo.de> Sun, 16 March 2014 15:00 UTC

Return-Path: <fw@deneb.enyo.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97BB51A02FA for <dnsop@ietfa.amsl.com>; Sun, 16 Mar 2014 08:00:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_DE=0.35, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3EGvDykMYynW for <dnsop@ietfa.amsl.com>; Sun, 16 Mar 2014 08:00:17 -0700 (PDT)
Received: from ka.mail.enyo.de (ka.mail.enyo.de [87.106.162.201]) by ietfa.amsl.com (Postfix) with ESMTP id 4F6431A01E9 for <dnsop@ietf.org>; Sun, 16 Mar 2014 08:00:17 -0700 (PDT)
Received: from [172.17.135.4] (helo=deneb.enyo.de) by ka.mail.enyo.de with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) id 1WPCXo-0003Me-Pz; Sun, 16 Mar 2014 16:00:08 +0100
Received: from fw by deneb.enyo.de with local (Exim 4.80) (envelope-from <fw@deneb.enyo.de>) id 1WPCXo-0005KB-Is; Sun, 16 Mar 2014 16:00:08 +0100
From: Florian Weimer <fw@deneb.enyo.de>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <20131217112527.GA18176@nic.fr> <87ob1geis0.fsf@mid.deneb.enyo.de>
Date: Sun, 16 Mar 2014 16:00:08 +0100
In-Reply-To: <87ob1geis0.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "Sat, 08 Mar 2014 17:50:55 +0100")
Message-ID: <874n2yw5mv.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/SiY8sr7OfJxuDVxcmRjddZQ2IfI
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] DNS privacy : now at least two drafts
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Mar 2014 15:00:19 -0000

* Florian Weimer:

> There is another privacy-enhancing approach that is not mentioned in
> the draft: defensive delegations.  For example, with current resolver
> behavior, the lack of a delegation for 1.E164.ARPA means that queries
> under that tree are sent to the E164.ARPA servers, which are scattered
> around the globe.  With a delegation, the delegation would be cached
> and queries could be kept locally in the region.

And another one: If you make your queries against a local copy of the
DNS tree (which has been made irrespective of future demand), then
nobody else will now which DNS records you are intersted in.

This approach obviously weighs query privacy over database protection
(whether as someone's intellectual property or with regards to domain
owner privacy).