Re: [DNSOP] my comments on draft-ietf-dnsop-terminology-bis

Warren Kumari <warren@kumari.net> Fri, 14 April 2017 19:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/h1dxhuSAIqYW-_HvwExPEgAziC8>

On Fri, Apr 14, 2017 at 3:15 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> Started as a new issue at
> https://github.com/DNSOP/draft-ietf-dnsop-terminology-bis/issues/21

<no hats>
I don't think that I agree with "this raises no privacy issues" --
some folk seem to think that they can store "private" information in
the DNS, and if queried for, this may / will expose it. Someone (I
think it was Facebook or LinkedIn) creates (or used to create) a
per-user DNS name for load-balancing purposes -- scraping passive DNS
would allow someone to find many profiles, which could be viewed as a
privacy issue.

I'd much prefer "done correctly, this raises minimal privacy issues"
or "done incorrectly this can raise privacy issues" (or just skip
everything after the semi-colon and say nothing).

I believe that passive DNS is incredibly useful for security stuff, I
just think that saying that it raises no privacy issues could get
sticky.

Oh, I added the above to the issue.
W

>
> --Paul Hoffman



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf