Re: [Resolverless-dns] Paper on Resolver-less DNS

"John Levine" <johnl@taugh.com> Sun, 18 August 2019 16:24 UTC

Date: Sun, 18 Aug 2019 12:24:00 -0400
Message-Id: <20190818162401.069CB87313A@ary.qy>
From: John Levine <johnl@taugh.com>
To: resolverless-dns@ietf.org
Cc: sy@informatik.uni-hamburg.de
In-Reply-To: <fe3af997-096d-82e8-b9c5-7e6c17558514@informatik.uni-hamburg.de>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/4ZGfLJz7EBYGHeVolqVlOOQ1csc>

In article <fe3af997-096d-82e8-b9c5-7e6c17558514@informatik.uni-hamburg.de> you write:
>The privacy problem is that a significant share of DNS resolvers monitor
>the users' online activities, aggregate these data in user profiles and
>use these profiles within behavioral advertising or share these user
>profiles with other parties. Here [1], you can find a comparative
>analysis of public DNS resolver privacy policies substantiating my claims.

I took a look at that paper, written by two grad students.  If I were
their advisor I would have handed it back to them and told them to
talk to some people who understand the topic so they could fix the
many painful factual errors.  They got the whole WHOIS GDPR fight
backward, and made the rather large leap assuming that every word in,
say, Google's generic privacy policy applies to queries to 8.8.8.8.
What does it mean to have an account with a DNS resolver?

I'm not saying that there are no issues, but this paper is not a
useful discussion of them.

R's,
John