On Oct 26, 2014 8:09 AM, "Paul Hoffman" <paul.hoff...@vpnc.org> wrote: > > On Oct 25, 2014, at 7:35 PM, Watson Ladd <watsonbl...@gmail.com> wrote: > > Before DPRIV: anyone who owns the DNS box at an ISP can see all > > dns-queries go through, and know who made them. > > > > After: exactly the same. > > > > Why? Because we were lazy, and solved the easy problems instead of the > > worthwhile problems. > > Or: because we don't have the same threat model that you are proposing, and we want something deployable. Nothing in the current proposals prevents you from proposing your still-academic PIR proposals for a longer-term solution that applies to people who agree with your threat model.
The choice of threat model is really a question about what attackers can do. We know that untrusted network traffic can be read. (A truth DNS working groups have never accepted) The only solutions that come close to handling this are Qname minimization plus DNScurve. Why don't the people who have proposals explain what they can deal with and what they can't so we can judge? Furthermore, some PIR protocols amount to hashing together some records on the server. While not perfect, they can be deployed and do make things harder for attackers. > > --Paul Hoffman
_______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy