On 10/22/14, Paul Hoffman <[email protected]> wrote:
> On Oct 22, 2014, at 1:08 PM, Paul Ferguson <[email protected]>
> wrote:
>
>> I would also like to express my concern on the similar issues that Vix
>> expressed here, but perhaps a dprive "implementation and architecture"
>> document would be a good idea?
>
> The charter says:
>
> The Working Group will also
> develop an evaluation document to provide methods for measuring the
> performance against pervasive monitoring; and how well the goal is met.
> The Working Group will also develop a document providing example
> assessments for common use cases.
>
> To me, this fits what you are asking for, yes?
>
> (Note that PaulV indicated earlier that he had not been reading the list,
> and therefore might not have read the charter.)
>
>> I am afraid that this effort gets too far down the path before
>> realizing how some implementation of the "privacy path" before realizing
>> that the scheme breaks things like passive DNS collection.
>
> Passive DNS collection is done at recursive and authoritative servers. How
> would encryption between the stub and its upstream recursive affect the
> ability to collect passive DNS data?
>

The NSA does that all over the place... If you want someone to sniff and
decrypt: Leak the state of your PRNG/keys to your collector.

All the best,
Jacob
