> The biggest problem I have with this paper is of terminology. No- I don't want every app to build in a resolver. Madness!
Think of it as a change under-the-hood to gethostbyname(). Same interface to the applications. But, underneath it doesn't go query whatever is in /etc/resolv.conf, but rather just walks the tree itself (to the extent needed, based on the cache). > Then, when it comes to privacy (the biggest problem with your > proposal), I strongly disagree with the way you get rid of the > problems by saying "we note that many users are willing to use open > shared resolvers (e.g., Google DNS) and are therefore comfortable with > directly attributable DNS requests arriving at a large third-party > network". This is propaganda, not science. Users use Google Public DNS > because their ISP's resolver is broken or slow, or because the ISP > censors <http://www.bortzmeyer.org/dns-routing-hijack-turkey.html> or > because the IP address is cool or simply because they feel that it's > Google so it must be nice. They never perform an assessment of the > public resolver privacy policy and practices, and they certainly don't > analyze the tradeoffs. Most users (even most IT professionals) have no > idea of the complex privacy issues associated with DNS. I understand you have probably thought this through more than I have. But, I have a couple of views here in addition to the above ... - Ultimately you're going to take the results of a DNS transaction and turn around and hit the given service with an application. So, while I may have been some nebulous "someone at ICSI" during the name lookup, once I make the TCP connection I am not so anonymous anymore. That does not apply to all cases, of course. I.e., I ask Verisign for google.com and then I TCP to Google and not Verisign. So, in this case I could remain "someone at ICSI" to Verisign if I used the shared resolver. - I think a rational way to look at this is the way we look at privacy more generally. If you communicate with someone then they'll know your IP. If you don't want that, take some explicit step to prevent it (e.g., use Tor). We get an obfuscation from shared resolvers now, but is that enough of a reason to keep them around? allman
pgpScm1GuXrlh.pgp
Description: PGP signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
