Re: [DNSOP] private-use in-meeting chat comments
Tony Finch <dot@dotat.at> Fri, 20 November 2020 00:10 UTC
Date: Fri, 20 Nov 2020 00:10:13 +0000
From: Tony Finch <dot@dotat.at>
To: Eric Orth <ericorth=40google.com@dmarc.ietf.org>
cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, Brian Dickson <brian.peter.dickson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zAUEtaZ6iY2e7Yed9IDSI1KZqKs>
Eric Orth <ericorth=40google.com@dmarc.ietf.org> wrote:
> On Tue, Nov 17, 2020 at 4:46 PM Tony Finch <dot@dotat.at> wrote:
> >
> > There's also a privacy leak: if you assign a unique subdomain then when a
> > device roams and leaks queries for the private domain, the device can be
> > tracked and correlated with other devices that use the same private
> > domain.
> >
>
> What if, in whatever hypothetical solution is using this, it is reasonable
> for devices to always regenerate the names they are using on changing
> networks? At least in such hypothetical cases, it seems the privacy danger
> would be significantly mitigated, right? (Maybe we're getting too far into
> unknown hypotheticals without finding actual usecases or implementors that
> want this.)

Ah, oops, I need to clarify: the private domain might be a per-CPE domain
or an enterprise internal domain; the device is someone's phone or laptop
which roams between multiple networks. The private domain is handed to the
roaming device, and the device doesn't know (isn't told, and can't be told
with current protocols) that the domain name is supposed to be private to
the network. So the device is likely to keep asking about names of
services in the private domain regardless of the network it is connected
to, and thereby leak private information.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Southeast Iceland: Southeasterly 6 to gale 8, decreasing 4 or 5, then becoming
cyclonic 7 to severe gale 9, occasionally storm 10 later in south. Rough or
very rough, becoming high or very high later in south. Rain, squally showers
later. Moderate or good, becoming moderate or poor.
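
The leak described in the message above, as an added example that is not part of the original post: a small audit over a device-side query log that flags lookups for a private domain sent while attached to a network other than the one that handed it out, and shows which devices share a leaked suffix on the same foreign network. The domain names, network labels and log format are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: which network handed out each private domain.
# Names and network labels are made up for this example.
PRIVATE_DOMAINS = {
    "cpe-7f3a.home.example": "home-wifi",
    "corp.internal.example": "office-lan",
}

# Constructed stub-resolver log: (device, attached network, queried name).
QUERY_LOG = [
    ("laptop", "home-wifi", "printer.cpe-7f3a.home.example"),
    ("laptop", "cafe-wifi", "printer.cpe-7f3a.home.example"),
    ("phone", "cafe-wifi", "nas.cpe-7f3a.home.example"),
    ("phone", "cafe-wifi", "www.example.org"),
    ("laptop", "office-lan", "wiki.corp.internal.example"),
    ("laptop", "hotel-wifi", "wiki.corp.internal.example"),
]

def private_suffix(qname, domains=PRIVATE_DOMAINS):
    """Return the private domain that qname falls under, or None."""
    name = qname.lower().rstrip(".")
    for suffix in domains:
        # Match on a label boundary so "notcorp..." does not match "corp...".
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None

def find_leaks(log, domains=PRIVATE_DOMAINS):
    """Queries for a private domain sent on a network other than its origin."""
    leaks = []
    for device, network, qname in log:
        suffix = private_suffix(qname, domains)
        if suffix is not None and network != domains[suffix]:
            leaks.append((device, network, qname, suffix))
    return leaks

def correlatable(leaks):
    """Per foreign network and suffix, the devices that exposed that suffix."""
    seen = defaultdict(set)
    for device, network, _qname, suffix in leaks:
        seen[(network, suffix)].add(device)
    return {key: sorted(devs) for key, devs in seen.items()}

if __name__ == "__main__":
    found = find_leaks(QUERY_LOG)
    for leak in found:
        print("leak:", leak)
    print(correlatable(found))
```
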