Re: [perpass] DNS confidentiality
"Hosnieh Rafiee" <ietf@rozanak.com> Tue, 24 September 2013 21:08 UTC
Return-Path: <ietf@rozanak.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E95811E8167 for <perpass@ietfa.amsl.com>; Tue, 24 Sep 2013 14:08:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hlfvXsbyBLre for <perpass@ietfa.amsl.com>; Tue, 24 Sep 2013 14:08:52 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id D25B421F9B85 for <perpass@ietf.org>; Tue, 24 Sep 2013 14:08:47 -0700 (PDT)
Received: from kopoli (g225191241.adsl.alicedsl.de [92.225.191.241]) by mrelay.perfora.net (node=mrus3) with ESMTP (Nemesis) id 0Lee62-1WEcWt3CF4-00qAaR; Tue, 24 Sep 2013 17:08:23 -0400
From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'Karl Malbrain' <malbrain@yahoo.com>
References: <524150C7.2020602@cs.tcd.ie> <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com>
In-Reply-To: <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com>
Date: Tue, 24 Sep 2013 23:08:14 +0200
Message-ID: <006a01ceb96a$335c1df0$9a1459d0$@rozanak.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_006B_01CEB97A.F6E95AC0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJOGj5UkWbfuDhxpmMKtaAoIXGv7QHKq7oDmMhJ/mA=
Content-Language: en-us
X-Provags-ID: V02:K0:c2HIEsLHBlNKj/wgZMQa277jaxckG1AGICfxmUwjZS+ 19KMlZMe3kUQLp7liElXg911UQk8b6Z3VJLuDN+Qmr0tc41YYa ztnLhNp8mxWBy9pbX7QclR1id6eFeK9eKoeSJ5fBdJOyVY8V9I lwYwJsVvzSdTQACdD11s6LyFZCicAZIUUWcDZ4jhuonD+AeZp/ z2oL34ZOuW0VtwTYqXtOPLTKsrFDi/NkjXB7K5Lgm18xCcfXpi J/PWK2nKNozb+4cxxDZsLhit/ksBCQ35PE4BjitUVl6jMoWSNZ ULfAgCUQ7jw6k+6xToZMOsKA64oCIf7IEtBlglI03x9/3Chyzh gsEwnjtxfV1baCGRy5Ic=
Cc: 'perpass' <perpass@ietf.org>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] DNS confidentiality
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 21:09:11 -0000
MITM attack can be prevented by signing the data. Please check cga-tsig draft. Hosnieh From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Karl Malbrain Sent: Tuesday, September 24, 2013 10:31 PM To: Stephen Farrell; perpass Subject: Re: [perpass] DNS confidentiality To obviate the harvesting of meta-data, we do need a secure interface to DNS. MITM resistance (authentication) is also going to be required in DNS server connections. Maybe well known certificates for DNS servers incorporated into browser software Given the reluctance of browser writers to implement DANE, we're going to need something like encrypted QUIC available as a transport first. Karl Malbrain From: Stephen Farrell <stephen.farrell@cs.tcd.ie> To: perpass <perpass@ietf.org> Sent: Tuesday, September 24, 2013 1:43 AM Subject: [perpass] DNS confidentiality Hiya, I've not seen mention of this so far here that I recall. Even as we improve the security of loads of protocols, there will still be issues with meta-data monitoring based on DNS queries for example. This point was sort of raised on the IETF list e.g. in [1]. DNSSEC doesn't provide any confidentiality. There are proposals that do try do that. Do we think this is worth looking at? If so, anyone up for doing some work on that? If so, how, or starting from what? S. [1] http://www.ietf.org/mail-archive/web/ietf/current/msg82696.html _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Andy Wilson
- [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Paul Wouters
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Ben Laurie
- Re: [perpass] DNS confidentiality Mark Handley
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Joseph Lorenzo Hall
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Paul Wouters
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Phillip Hallam-Baker
- Re: [perpass] DNS confidentiality Phillip Hallam-Baker
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Phillip Hallam-Baker
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality manning bill
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Christian Huitema
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Ted Hardie
- Re: [perpass] DNS confidentiality Martin Thomson
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Ted Lemon
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Yoav Nir
- Re: [perpass] DNS confidentiality Christian Huitema
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Ondřej Surý
- Re: [perpass] DNS confidentiality Michael Richardson
- Re: [perpass] DNS confidentiality Ted Lemon
- Re: [perpass] DNS confidentiality Dan York
- Re: [perpass] DNS confidentiality Ted Hardie
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephen Farrell