[secdir] E2MD BOF

Cullen Jennings <fluffy@cisco.com> Thu, 18 March 2010 02:03 UTC

From: Cullen Jennings <fluffy@cisco.com>
Date: Wed, 17 Mar 2010 19:55:56 -0600
To: saag@ietf.org, secdir@ietf.org
Subject: [secdir] E2MD BOF

The E2MD BOF is wrestling with some complicated issues around putting personal data about individuals in DNS (names, phone numbers, etc.). They are considering various approaches to constrain access to the private data. The leading contender as far as I can tell is to only run the DNS with the private data in a walled garden and make sure no one that should not see the data can query a server in the walled garden. One or two people have mentioned you might want to encrypt the private data and control access to the keys but that idea has not received much discussion. It seems to me like a possibility worth exploring a little.

If anyone is interested or has spent time thinking about privacy of data in DNS, input from folks on this list would be valuable and I hope at least a few security folks can show up at the BOF.

Thanks, Cullen

Mailing list archive at http://www.ietf.org/mail-archive/web/e2md/index.html