On Fri, Feb 27, 2015 at 7:28 AM, Stephane Bortzmeyer <[email protected]> wrote:
> On Fri, Feb 27, 2015 at 11:53:27AM +0000,
>  Stephen Farrell <[email protected]> wrote
>  a message of 55 lines which said:
>
>> How's about adding something like:
>>
>> 2.6 Re-identification
>
> OK for me, thanks for the text. Any advice from the WG? (I don't want
> to make important changes in the middle of a WGLC if there is no
> consensus.)

<no hats>
Sounds good to me...

We've also been somewhat avoiding (or, we mention it every now and
then but generally agree we cannot solve it) the timing side channel.

If you can:
A: watch the queries going into a DPRIVE recursive nameserver and
B: watch the queries that it is making and
C: the nameserver is not overly busy (whatever that means) and
D: the query being looked up is not already in cache.
you can figure out what the user queried for.

i.e: I see user 192.0.2.12 make an encrypted query. 0.8ms later the
nameserver initiates a query for www.example.com. Hmmm, wonder what
caused that...

I don't have any suggested text, nor do I know if anything should go
in *this* doc, but if we mention the pattern attack, perhaps we should
mention timing as well?

W
</no hats>

> >

--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
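Added example, not part of the original message: a small Python check a resolver operator could run over their own logs to see how conditions A-D play out, by counting how many clients could plausibly have caused each upstream query. The log entries, the 5 ms window and the function names are constructed assumptions for illustration.

```python
from bisect import bisect_left, bisect_right

# Constructed sample data (not from the original message). Times in ms.
# Inbound: encrypted stub->resolver queries; only time and client are visible (A).
INBOUND = [
    (100.0, "192.0.2.12"),
    (250.0, "192.0.2.40"),   # answered from cache: no upstream query follows (D)
    (400.0, "192.0.2.12"),
    (400.6, "192.0.2.77"),
    (401.1, "192.0.2.90"),   # burst of clients: the resolver is "busy" (C)
]
# Outbound: cleartext resolver->authoritative queries (B).
OUTBOUND = [
    (100.8, "www.example.com"),
    (401.9, "mail.example.net"),
]

WINDOW_MS = 5.0  # assumed max delay between a client query and the upstream query


def candidate_clients(out_time, inbound, window_ms=WINDOW_MS):
    """Clients whose encrypted query arrived within window_ms before out_time."""
    times = [t for t, _ in inbound]
    lo = bisect_left(times, out_time - window_ms)
    hi = bisect_right(times, out_time)
    return sorted({client for _, client in inbound[lo:hi]})


def exposure_report(inbound, outbound, window_ms=WINDOW_MS):
    """Map each upstream qname to its candidate set; a set of size 1 is linkable."""
    inbound = sorted(inbound)
    return {q: candidate_clients(t, inbound, window_ms) for t, q in outbound}


def linkable(report):
    """Upstream queries attributable to exactly one client."""
    return {q: c[0] for q, c in report.items() if len(c) == 1}


if __name__ == "__main__":
    report = exposure_report(INBOUND, OUTBOUND)
    for qname, clients in report.items():
        print(f"{qname}: {len(clients)} candidate(s) {clients}")
    print("linkable:", linkable(report))
```

The quiet-period query maps to a single client, while the burst leaves three candidates and the cache hit produces no upstream query at all.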
