Re: [DNSOP] my dnse vision
Francis Dupont <Francis.Dupont@fdupont.fr> Wed, 05 March 2014 13:27 UTC
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: Hosnieh Rafiee <ietf@rozanak.com>
In-reply-to: Your message of Wed, 05 Mar 2014 12:20:33 +0100. <00de01cf3864$ec8f67e0$c5ae37a0$@rozanak.com>
Date: Wed, 05 Mar 2014 14:27:49 +0100
Sender: Francis.Dupont@fdupont.fr
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/v50AwVxG54nYrx4PU15bgm_gte8
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] my dnse vision

In your previous mail you wrote:

> > Or with other words you don't need confidentiality with 8.8.8.8
>
> Why don't we need confidentiality with open resolvers like google?

=> because the goal is not confidentiality at the level a Microsoft
environment needs (because Microsoft adopted and extended DNS with
far stronger security requirement) but to make 3 letter agencies
(4 letters in France) the global surveillance more expensive.
And I don't trust Google for this (nor to pay its taxes :-).

> One might not like that anybody on his/her network knows what he is
> browsing. This is a part of privacy.

=> IMHO this is more the second problem. Note I consider too you want
your "own" DNSSEC validating resolver too.

> > 3- the solution MUST work without prior arrangements
>
> Probably you need a miracle. Because with no arrangement, I do not think it
> is possible.

=> Michael Richardson's opportunistic encryption shows it is possible.
BTW what we want is really opportunistic encryption as defined in
Wikipedia (so don't object there are at least 3 OE at the IETF :-).

> If you use a weak approach, IMHO, it is better to forget encryption since
> you do not know how powerful an attacker can be and you only bother your
> computer.

=> not my computer, my resolver. And the goal is not strict/strong
privacy which BTW is impossible because 3/4 letter agencies can
anyway ask for .com or .fr server logs.
Personally I don't like the idea of DNS encryption but because
I don't want to give a reason to ISPs to filter port 53.

Regards

Francis.Dupont@fdupont.fr