[secdir] [new-work] WG Review: DNS PRIVate Exchange (dprive)

IESG Secretary <iesg-secretary@ietf.org> Fri, 03 October 2014 17:40 UTC

From: IESG Secretary <iesg-secretary@ietf.org>
To: new-work@ietf.org
Message-ID: <20141003173955.20486.44674.idtracker@ietfa.amsl.com>
Date: Fri, 03 Oct 2014 10:39:55 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/new-work/MIPdE2C7QAG0mqdZOvtaUMt4y-g
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/GPzasoF0KcXmzlEz4fKV4DDFCLA
Reply-To: iesg@ietf.org

A new IETF working group has been proposed in the Internet Area. The IESG
has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send
your comments to the IESG mailing list (iesg at ietf.org) by 2014-10-13.

DNS PRIVate Exchange (dprive)
------------------------------------------------
Current Status: Proposed WG

Assigned Area Director:
  Brian Haberman <brian@innovationslab.net>


Charter:

The DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms to
provide confidentiality to DNS transactions, to address concerns
surrounding pervasive monitoring (RFC 7258).


The set of DNS requests that an individual makes can provide an
attacker with a large amount of information about that individual.
DPRIVE aims to deprive the attacker of this information. (The IETF
defines pervasive monitoring as an attack [RFC7258].)


The primary focus of this Working Group is to develop mechanisms that
provide confidentiality between DNS Clients and Iterative Resolvers,
but it may also later consider mechanisms that provide confidentiality
between Iterative Resolvers and Authoritative Servers, or provide
end-to-end confidentiality of DNS transactions. Some of the results of
this working group may be experimental.


DPRIVE is chartered to work on mechanisms that add confidentiality to
the DNS. While it may be tempting to solve other DNS issues while
adding confidentiality, DPRIVE is not the working group to do this.
DPRIVE will not work on any integrity-only mechanisms.


Examples of the sorts of risks that DPRIVE will address can be found
in [draft-bortzmeyer-dnsop-dns-privacy], and include both passive
wiretapping and more active attacks, such as MITM attacks. DPRIVE will
address risks to end users’ privacy (for example, which websites an
end user is accessing).
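To make the passive-wiretapping risk above concrete, the following is an added illustration (it is not part of the charter, and not code from the dprive working group): classic DNS carries queries in cleartext, so an observer on the stub-to-resolver path can read every query name off the wire. The parser below decodes the RFC 1035 header and question section, including label compression pointers, so it works on captured queries as well as on the sample query that the block constructs itself. The query for www.example.com is constructed here purely for illustration.

```python
"""Added example: what a passive observer sees in an unencrypted DNS query.

Classic DNS (RFC 1035) sends queries in cleartext over UDP/53, so anyone on
the path between a stub and its recursive resolver can read the full query
name. The sample query below is constructed in this file, not captured.
"""
import struct
from typing import List, Tuple


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 query message: one question, RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"
    return header + question + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly-compressed domain name starting at offset.

    Returns (name, offset just past the name in the original byte stream).
    Compression pointers (RFC 1035 section 4.1.4) are followed, with a hop
    limit so a malformed packet with a pointer loop cannot hang the parser.
    """
    labels = []
    jumped = False
    end = offset
    hops = 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:  # two high bits set: pointer, not a label
            if hops > 64:
                raise ValueError("compression pointer loop")
            hops += 1
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the name ends after the first pointer
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:  # root label terminates the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_questions(msg: bytes) -> List[Tuple[str, int, int]]:
    """Return (qname, qtype, qclass) for every question in a DNS message.

    This is exactly the information an on-path observer extracts from each
    cleartext query: which name was looked up, and for which record type.
    """
    _txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    return questions


if __name__ == "__main__":
    # Constructed sample: the stub asks its resolver for an A record.
    wire = build_query("www.example.com")
    for name, qtype, qclass in parse_questions(wire):
        print(f"observer sees: {name} (qtype={qtype}, qclass={qclass})")
```

The same parser applied to a packet capture on port 53 yields the per-client browsing history the charter refers to; the confidentiality mechanisms DPRIVE is chartered to produce are what would take that name off the wire.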



Some of the main design goals (in no particular order) are:

- Provide confidentiality to DNS transactions (for the querier).
- Maintain backwards compatibility with legacy DNS implementations.
- Require minimal application-level changes.
- Require minimal additional configuration or effort from applications or
  users.

Milestones:
  Dec 2014 - WG LC on a problem statement document
  Mar 2015 - WG selects one or more primary protocol directions
  Jul 2015 - WG LC on primary protocol directions

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work