Re: [perpass] DNS confidentiality

Stephane Bortzmeyer <bortzmeyer@nic.fr> Sun, 29 September 2013 18:28 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3302211E813A for <perpass@ietfa.amsl.com>; Sun, 29 Sep 2013 11:28:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W-6mkrXb-KOi for <perpass@ietfa.amsl.com>; Sun, 29 Sep 2013 11:28:10 -0700 (PDT)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [217.70.190.232]) by ietfa.amsl.com (Postfix) with ESMTP id F3DE111E8131 for <perpass@ietf.org>; Sun, 29 Sep 2013 11:28:08 -0700 (PDT)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 0B4293B622; Sun, 29 Sep 2013 18:28:07 +0000 (UTC)
Received: by mail.sources.org (Postfix, from userid 1000) id 445FE190749; Sun, 29 Sep 2013 20:28:04 +0200 (CEST)
Date: Sun, 29 Sep 2013 20:28:04 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Karl Malbrain <malbrain@yahoo.com>
Message-ID: <20130929182804.GA20577@sources.org>
References: <524150C7.2020602@cs.tcd.ie> <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com> <006a01ceb96a$335c1df0$9a1459d0$@rozanak.com> <1380137874.48631.YahooMailNeo@web125502.mail.ne1.yahoo.com> <005901ceba2a$f854c1a0$e8fe44e0$@rozanak.com> <1380218914.85280.YahooMailNeo@web125502.mail.ne1.yahoo.com> <003901cebba5$b2762c10$17628430$@rozanak.com> <1380307285.91976.YahooMailNeo@web125501.mail.ne1.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1380307285.91976.YahooMailNeo@web125501.mail.ne1.yahoo.com>
X-Transport: UUCP rules
X-Operating-System: Debian GNU/Linux 7.1
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: 'perpass' <perpass@ietf.org>, Hosnieh Rafiee <ietf@rozanak.com>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] DNS confidentiality
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Sep 2013 18:28:15 -0000

On Fri, Sep 27, 2013 at 11:41:25AM -0700,
 Karl Malbrain <malbrain@yahoo.com> wrote 
 a message of 138 lines which said:

> I'm concerned about three DNS security problems:

You're not concerned about the fact that DNS servers (your resolver,
and the authoritative name servers) get a lot of data and can misuse
it? It seems to me that it is one of the main weaknesses of DNS, when
it comes to confidentiality. A big public resolver, like OpenDNS or
Google Public DNS (both located in PRISMland) can learn a lot of
things about its users (this has been used often to detect malware,
only from its DNS requests, but it could be used for more sinister
purposes). A big TLD (say, for example, .com, also located in
PRISMland) can also learn a lot.

And no amount of cryptography between the client and this server will
help.
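As an added illustration of the point made in this message (example code written for this archive page, not part of the original mail or of any IETF work), the following Python model shows what three different parties observe from one constructed stream of stub-resolver queries: a passive observer on the client-to-resolver path, the resolver operator, and the authoritative server of one TLD. The addresses, names and the resolver address RESOLVER_IP are all made-up assumptions; the resolver is assumed to send the full query name to each authoritative server it contacts, as resolvers of the time did. Encrypting the client-to-resolver channel empties the wire observer's view but leaves the resolver's view unchanged, which is exactly why channel encryption alone does not address the endpoint problem.

```python
from collections import defaultdict

# Constructed sample: queries sent by two stub clients to one recursive
# resolver, as (client_ip, qname, qtype). Every value here is made up.
SAMPLE_QUERIES = [
    ("192.0.2.10", "www.example.com.", "A"),
    ("192.0.2.10", "mail.example.com.", "MX"),
    ("192.0.2.10", "support.somebank.example.", "A"),
    ("192.0.2.20", "www.example.org.", "AAAA"),
    ("192.0.2.20", "update.antivirus-vendor.com.", "A"),
    ("192.0.2.20", "www.example.com.", "A"),
]

# Assumed address of the recursive resolver (constructed for the example).
RESOLVER_IP = "198.51.100.53"


def tld_of(qname):
    """Return the top-level label of a fully qualified name, e.g. 'com'."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    return labels[-1].lower() if labels else ""


def wire_observer_view(queries, encrypted):
    """What a passive observer between client and resolver sees.

    With channel encryption only the endpoints and the existence of each
    exchange remain visible (timing and size analysis are ignored here).
    Without it, names and types are readable on the wire.
    """
    if encrypted:
        return [(client, RESOLVER_IP) for client, _, _ in queries]
    return [(client, RESOLVER_IP, qname, qtype) for client, qname, qtype in queries]


def resolver_view(queries, encrypted):
    """What the resolver operator sees: for each client, every name asked.

    The 'encrypted' flag is accepted only to make the point explicit: the
    resolver is the endpoint that decrypts the query, so its view is the
    same whether or not the channel was encrypted.
    """
    del encrypted  # deliberately unused: the endpoint always sees plaintext
    seen = defaultdict(set)
    for client, qname, _ in queries:
        seen[client].add(qname.lower())
    return {client: sorted(names) for client, names in seen.items()}


def tld_authoritative_view(queries, tld):
    """What the authoritative server of one TLD sees.

    Assumes the resolver sends the full name (not just the next label) to
    each authoritative server it walks through. The TLD sees the resolver's
    address rather than the client's, and repeated names collapse into one
    entry because cache hits never leave the resolver.
    """
    return sorted(
        {(RESOLVER_IP, qname.lower()) for _, qname, _ in queries if tld_of(qname) == tld}
    )


if __name__ == "__main__":
    print("wire observer, encrypted channel:", wire_observer_view(SAMPLE_QUERIES, True))
    print("resolver operator, encrypted channel:", resolver_view(SAMPLE_QUERIES, True))
    print("resolver operator, cleartext channel:", resolver_view(SAMPLE_QUERIES, False))
    print(".com authoritative:", tld_authoritative_view(SAMPLE_QUERIES, "com"))
```

Running the block prints the four views side by side; the two resolver views are identical, the encrypted wire view contains no names at all, and the .com view contains the full names under .com attributed to the resolver's address, which is what the two paragraphs above describe in prose.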