IETF Logo Mail Archive

Re: [perpass] DNS confidentiality

Paul Wouters <paul@cypherpunks.ca> Tue, 24 September 2013 21:11 UTC

Return-Path: <paul@cypherpunks.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B980B21F9228 for <perpass@ietfa.amsl.com>; Tue, 24 Sep 2013 14:11:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.478
X-Spam-Level:
X-Spam-Status: No, score=-2.478 tagged_above=-999 required=5 tests=[AWL=0.121, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mYTJG9H3tLwx for <perpass@ietfa.amsl.com>; Tue, 24 Sep 2013 14:11:03 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id D122421F8F2A for <perpass@ietf.org>; Tue, 24 Sep 2013 14:10:59 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3ckw6d4NB8z9Xn; Tue, 24 Sep 2013 17:10:49 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id zoOB-TwXpZlK; Tue, 24 Sep 2013 17:10:47 -0400 (EDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by mx.nohats.ca (Postfix) with ESMTP; Tue, 24 Sep 2013 17:10:47 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 98F668009E; Tue, 24 Sep 2013 17:10:47 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 682F58002E; Tue, 24 Sep 2013 17:10:47 -0400 (EDT)
Date: Tue, 24 Sep 2013 17:10:47 -0400
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Karl Malbrain <malbrain@yahoo.com>
In-Reply-To: <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com>
Message-ID: <alpine.LFD.2.10.1309241708090.11401@bofh.nohats.ca>
References: <524150C7.2020602@cs.tcd.ie> <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="iso-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] DNS confidentiality
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 21:11:17 -0000

On Tue, 24 Sep 2013, Karl Malbrain wrote:

> To obviate the harvesting of meta-data, we do need a secure interface to DNS.

It might help but giving people urls that will trigger dns requests for
tracking is pretty easy. Only something like tor might safeguard against
that.

> Given the reluctance of browser writers to implement DANE,  we're going to need something like encrypted QUIC available as a transport
> first.

There will be dane in browsers, once we ensure it is cheap 
enough on high latency devices. Eg see

http://tools.ietf.org/html/draft-wouters-edns-tcp-chain-query-00

It's easy to add anonymous IPsec to open resolvers (and I'm in the
process od doing so) but hiding DNS queries involves a lot more than
just encrypting queries.

Paul

v2.23.0 | Report a Bug | By Email