Re: [DNSOP] my dnse vision

Tony Finch <dot@dotat.at> Wed, 05 March 2014 11:43 UTC

From: Tony Finch <dot@dotat.at>
Date: Wed, 5 Mar 2014 11:42:56 +0000
To: Hosnieh Rafiee <ietf@rozanak.com>
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/irDg4eMrDFAFG-QG5KMlb7OSTOA
Cc: "<dnsop@ietf.org>" <dnsop@ietf.org>
Subject: Re: [DNSOP] my dnse vision

> On 5 Mar 2014, at 11:20, "Hosnieh Rafiee" <ietf@rozanak.com> wrote:
> 
> Why don't we need confidentiality with open resolvers like google? 
> One might not like that anybody on his/her network knows what he is
> browsing. This is a part of privacy.

Right. Encrypting to distant resolvers has to be at least as important as local ones. The usual argument against encryption does not apply since there will be eavesdroppers who cannot also see the user's non-DNS traffic.

I think dnse is important because it removes an obstacle to putting interesting data in the DNS. At the moment your DNS traffic might reveal that you are doing email but not who with. If your MUA starts looking up PGP or S/MIME keys then privacy becomes a lot more important. Email is just an example; I am sure there are other really interesting uses for a more secure DNS.

Tony.
--
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/