On Thu, Feb 26, 2015 at 03:13:19AM +0000, Stephen Farrell <[email protected]> wrote a message of 74 lines which said:
> One issue I don't think is covered well enough is the potential (I > don't know if this is actual) risk of re-identification via sets of > DNS queries. I assume you know draft-iab-privsec-confidentiality-threat, currently under review. In its -03 version, there are a lot of mentions of "inference", inference being defined as "information extracted from analysis of [raw information]". Isn't it sufficient, for draft-ietf-dprive-problem-statement, to mention the importance of inference and to add a reference to draft-iab-privsec-confidentiality-threat? > I think (more) explicitly calling out such threats would be a fine > thing. If there are studies that have quantified any of this then > referencing those would be great Do note draft-ietf-dprive-problem-statement-02 mentions these sort of risks in its section 3 and in the references [dns-footprint], [dagon-malware] and [darkreading-dns]. If it's not sufficient, more/better references are welcome. _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
