Hi Hosnieh,

On 28 August 2014 14:40, Hosnieh Rafiee <[email protected]> wrote:
> Hi Marek,
>
>> So, you're questioning the point of DNS privacy on the basis that it
>> doesn't bring anything useful to the interested observer?
>
> Yes, as far as the TU 2,3 has access to all interesting traffic.
>
>> Sure there's NAT, MITM can eavesdrop your other traffic and so on. But
>> it is very real for TU2/3 to gather data on the auth/resolvers and use
>> them as forensic evidence, correlating them to other traffic,
>> geolocation and traffic distribution, whois records etc. with a certain
>> degree of confidence.
>> People have started businesses with this sort of information.
>
> Do you have any statistics or any references that prove TU 2,3 tried
> analyzing resolver traffic?
>
> In the news, we just heard that some TUs sniffed the data. But do we know
> whether they used any resolvers to do this sniffing? If you have any valid
> sources, then please share them. I am really interested to read them!
>
> I would agree if you have a strong source of such news.
>
> Because I think it is not enough just assuming that they would use such
> traffic. For having such an assumption, you need a strong theory and strong
> references to prove it. It might not need much proof or strong references
> when it is a clear fact or seems to be reasonable. Because, as I explained in
> my long message, it complicates his analysis and doesn't seem to be
> reasonable. So, in case they have access to the whole traffic, they can
> easily sniff that traffic, and whatever information you mentioned here they
> can easily obtain from that traffic (without the need of DNS traffic at all).
> You are caring about geolocation information; well, the end user identity
> is the same, and this is, of course, available in the next flows without any
> need to complicate this analysis.

No, I do not belong in TU 2/3 and I do not participate in any data misuse
project. However, the collected data is provably valuable for some people
(otherwise services like the following wouldn't exist); if the data is
valuable, then there's someone who desires it (be it for a good or bad
cause). This is "I don't know my neighbours, let's not lock the front door",
regardless of whether you believe it or not.

http://www.enyo.de/fw/software/dnslogger/first2005-paper.pdf
https://www.iseclab.org/papers/bilge-ndss11.pdf
https://www.farsightsecurity.com/Services/DNSDB/

> If you use a Tor based approach for a client (end user) but not any DNS
> server, it likely makes sense because a client or end user is the source of
> interesting traffic, not a resolver or any other DNS servers. In this case
> you might also need to combine this approach with encryption or use exactly
> the approach implemented by Tor (tunneling + the use of intermediate
> servers). But this is not about DNS server traffic at all and this is about
> the privacy of the next traffic flows.
>
> This is why I think DNS privacy does not make sense.
>
> If all next traffic is encrypted (end to end encryption) and TU is only
> limited to DNS traffic, then DNS privacy makes sense. But this is, of
> course, a fancy scenario as today not all traffic is encrypted. If this
> fancy scenario happens even in the near future, then I presume that all
> traffic would be encrypted including DNS traffic, by the same way as the
> protection of the other end user's traffic. For example, the use of
> tunneling.
>
> The problem is that you might hide the first resolver source of traffic
> behind several intermediate nodes, but you clearly did not hide the real end
> user traffic.

OK, as I've said, this does not prevent MITM sniffing on you
(confidentiality problem), it makes you more anonymous to name servers
(anonymity problem).

>> Saying DNS traffic does not carry anything interesting is a bold claim,
>> it might be true, it might be not.
>> Regardless of how it is, I think that giving less information is always
>> better, if the cost isn't too high, and I'm happy to discuss technical
>> questions / ideas.
>
> The problem is that there is no strong proof behind the assumption that
> "DNS traffic is useful for TU and DNS carries some meaningful information
> for TU". If first someone can prove it with real facts and references, then
> we would be on the same page.
> But all that I can see in this list or all that I can read in drafts are
> assumptions without any real facts. The assumption makes sense if one can
> also easily prove it either theoretically or in real life. But it doesn't
> make sense when no one can prove it and, unfortunately, here for proof folks
> only use new assumptions... Everyone only says the less information we
> provide to TU, the better. But what kind of information are you talking
> about? How is this information useful for TU? Why does TU need it? Just
> some geolocation information of the location of different resolvers (based
> on your concern)?
> Let me give you an example. Resolver x in Munich receives many requests for
> google.com, so now ., .com, google.com know that this resolver asked this
> request. What does it show you? What do you want to conclude from this data?
> Now presume that you hid resolver x behind resolver y and resolver y is
> located in Paris. Now resolver y asks for google.com. ., .com and google.com
> DNS servers now know that resolver y is looking for google.com. Again, what
> do you want to conclude from this data? You want to conclude that people in
> Paris search google a lot? What is important about this and why is it
> different from people from Munich searching a lot on google and not Paris?
>
> What does it show you? The people in location x or y search google a lot?
> Ok... you could gather this information from google statistics as well...
> what else?
>
> So why would TU want to do so? TU has no information of what users in
> Munich searched (the data content) if they do not analyze the next traffic.
> So, when they are supposed to do so, again why should they bother themselves
> to look for this data?

That's an obviously uninteresting example. Say we have newly registered
domains with abusive content, whois data and a map of resolver traffic to
those domains. The domains are quickly taken down, but the more you observe,
the more you know who/when/where is interested in those domains and can
correlate it to other data. The name servers are a centralized source of
such data and tell you where to look for the other, possibly incriminating
traffic.

> Is it what you want to hide? Tell me please what this information gives; it
> appears that there is no thought about whether or not this information is
> useful for TU and makes sense for him to spend time and energy on such
> analysis, and whether or not TU already has other and better sources for
> gathering the same information precisely.
>
> About your approach, it is not only a problem of cost, it is performance
> and, more importantly, the question of its benefit.
>
> Best,
> Hosnieh

Let's see, we have a grid of 1-N caching resolvers. Each query is likely to
be answered from cache, but if it isn't, it has roughly 4 recursive
sub-queries to authoritative nameservers. If those four sub-queries are
bounced 0-2 times, we have 0-2 extra roundtrips. Is that too much? Maybe,
but it may be a service as well.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
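Two points in the reply above lend themselves to a small model: what an authoritative name server (and any passive-DNS feed built from its logs) records about the resolver that asks, and what bouncing a cache miss through intermediate resolvers costs in round trips. The following toy simulation is added here for illustration and is not code from the thread or from any project; the resolver names, the addresses and the figure of four authoritative sub-queries per full cache miss are constructed assumptions.

```python
"""Toy model of a chain of caching resolvers, added to illustrate the thread.

Constructed for illustration: the resolver names, the IP addresses and the
assumption of four authoritative sub-queries per full cache miss (the thread
says "roughly 4") are made up.  Nothing here touches a real network.
"""
from dataclasses import dataclass, field

# Assumed cost of a full cache miss at the resolver that finally walks the
# tree: root, TLD, zone apex, plus one more lookup (glue, CNAME, ...).
AUTH_SUBQUERIES_PER_MISS = 4


@dataclass
class Resolver:
    name: str
    ip: str
    cache: set = field(default_factory=set)  # qnames currently cached here


def resolve(qname, chain, auth_log):
    """Send qname into chain[0].  Each resolver answers from its cache or
    forwards to the next resolver in the chain (one extra round trip per
    hop).  Only the last resolver on a miss asks the authoritative servers,
    and they record the client address they see in auth_log (qname -> [ip]).
    Returns the resolver-side round trips spent on this query; the client's
    own hop to chain[0] is not counted."""
    rtts = 0
    for depth, resolver in enumerate(chain):
        if qname in resolver.cache:
            # Answer found here; every resolver on the way back caches it.
            for earlier in chain[:depth]:
                earlier.cache.add(qname)
            return rtts
        if depth < len(chain) - 1:
            rtts += 1  # bounce the query one resolver further
    # Miss everywhere: the last hop resolves against the authoritative
    # servers, so that is the address the authoritative side logs.
    last = chain[-1]
    rtts += AUTH_SUBQUERIES_PER_MISS
    auth_log.setdefault(qname, []).append(last.ip)
    for resolver in chain:
        resolver.cache.add(qname)
    return rtts


def interested_resolvers(auth_log, qname):
    """The view an authoritative operator (or a passive-DNS collection fed
    from its logs) has of who asked for qname: the set of addresses seen."""
    return set(auth_log.get(qname, []))


def demo():
    """Direct resolution from Munich vs. bouncing through a Paris resolver."""
    auth_log = {}
    munich = Resolver("munich", "198.51.100.10")   # constructed address
    paris = Resolver("paris", "203.0.113.20")      # constructed address
    direct = resolve("fresh-domain.example", [munich], auth_log)
    bounced = resolve("other-domain.example", [munich, paris], auth_log)
    return {
        "direct_rtts": direct,
        "direct_seen": interested_resolvers(auth_log, "fresh-domain.example"),
        "bounced_rtts": bounced,
        "bounced_seen": interested_resolvers(auth_log, "other-domain.example"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With no bounce a cold miss costs the four authoritative sub-queries and the authoritative side logs the Munich resolver; each intermediate adds one round trip and shifts the logged address to the last hop, which is the "0-2 extra roundtrips" trade-off and the anonymity-to-name-servers point above. A third resolver bouncing through the same intermediate for a name it already cached never reaches the authoritative side at all. None of this hides anything from an observer on the path, which is the confidentiality problem the reply keeps separate.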
