On Mon, Oct 20, 2014 at 06:10:08PM -0700,
Paul Vixie <[email protected]> wrote
a message of 383 lines which said:
> there are three points in the dns communication mesh where surveillance
> is possible:
> 1. stub to recursive
> 2. recursive to authoritative
> 3. zone maintenance
I am not happy with this list because it mixes two different types of
attackers (see RFC 6973, section 3.1, for terminology, and the
difference between attackers and observers): for #1, the DNS traffic
can be observed by a third party sniffing the wire, or by the
recursor's operator. They call for different technical solutions
(encryption against sniffing, and maybe running a local
resolver+cache on the user's machine to limit the amount of data
sent). Just saying "stub to recursive" is not sufficient.
> i see no benefit or need for secrecy since dns is a publication
> system -- if you don't want people to see your information, don't
> put it into the dns.
There is no problem about privacy of *data*. The problem is about
privacy of *requests*. The data in aa.org may be public, but the fact
I read it may be embarrassing for me.
> there is no PII
*If* the user runs its own resolver *and* does not forward to a bigger
resolver, yes, there is PII.
> the data is in the DNS -- so it is by definition not intended to be
> secret.
It has been well known for a long time that public availability of data is
not the same as bulk access. When I walk in the streets of Paris, it
is public, anyone can see me, but I still would be very pissed off to
learn that someone has complete access to a comprehensive list of
all my moves in the city.
> in that sense i would be alarmed to hear a proposal that the DNS
> protocol itself should add features to support secrecy or privacy,
> because that problem can be solved in the transport,
DNS has some specific privacy issues. A typical example is that DNS
involves other actors that may be unknown to the user ("enablers",
in RFC 6973 parlance). For instance, if someone in France visits the
e-shop <http://www.voyages-sncf.com/>, since the e-shop and himself
are in France, he may have an expectation that everything is regulated
by national laws and he may be unaware or not fully aware that his DNS
requests go to a different country, with different laws. That's why it
is at least necessary to document these issues.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy