On Sat, Oct 25, 2014 at 7:04 PM, Phillip Hallam-Baker <[email protected]> wrote:
> I think that we have to go back to the original goal, to reduce leakage of
> information so that we only disclose where there is a need to know.
>
> The authoritative does not need to know who is making the request.
>
> The TLD does not need to know the complete query.
>
> At some point a recursive somewhere does need to know that a query is being
> made. That puts client/resolver leakage in a different category to
> client/authoritative.

Before DPRIV: anyone who owns the DNS box at an ISP can see all dns-queries go through, and know who made them. After: exactly the same. Why? Because we were lazy, and solved the easy problems instead of the worthwhile problems.

> Yes protecting that data might warrant investigation. Yes, I and others can
> suggest schemes that would provide that protection. No, this is not
> costless. No this is not a low hanging fruit. No this should not be our
> focus in DPRIV right now.

So we shouldn't solve the problem we want to solve, because solving the problem we want to solve is hard, so we should solve the problem we can solve and fool ourselves into saying we wanted to solve it, and hope no one else notices?

Put me down as thinking that this is a terrible idea.

Sincerely,
Watson Ladd

> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy

--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
