On 10/22/2014 1:34 PM, Paul Hoffman wrote:
> On Oct 22, 2014, at 1:08 PM, Paul Ferguson <[email protected]> wrote:
>
>> I would also like to express my concern on the similar issues that Vix
>> expressed here, but perhaps a dprive "implementation and architecture"
>> document would be a good idea?
>
> The charter says:
>
> The Working Group will also
> develop an evaluation document to provide methods for measuring the
> performance against pervasive monitoring; and how well the goal is met.
> The Working Group will also develop a document providing example
> assessments for common use cases.
>
> To me, this fits what you are asking for, yes?
>
> (Note that PaulV indicated earlier that he had not been reading the list, and
> therefore might not have read the charter.)
>
>> I am afraid that this effort gets too far down the path before
>> realizing how some implementation of the "privacy path" before realizing
>> that the scheme breaks things like passive DNS collection.
>
> Passive DNS collection is done at recursive and authoritative servers. How
> would encryption between the stub and its upstream recursive affect the
> ability to collect passive DNS data?
>

My concern here is in the "end-to-end" discussion, e.g. any obfuscation
or encrypting DNS traffic in the path in number 2 below basically breaks
pDNS:

>
> 1. stub to recursive
> 2. recursive to authoritative
> 3. zone maintenance
>

I may have misunderstood a portion of the discussion regarding "both
ends of the end-to-end", but that's probably what I get for responding
during a meeting. :-)

Cheers,

- ferg

--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
