Hello. This is a useful document, thank you for working on it. I believe there is one fundamental aspect that you may want to consider and address.

When I read this document it sometimes gives me the impression that the only interesting attacks to protect against are passive attacks. In contrast, the RFC 7258 description includes active attacks as raising privacy concerns. From a security point of view this is totally obvious -- anyone being able to MITM your connection will be able to read the traffic unless you authenticate/encrypt the channel. For example, sections 5.1 and 5.2 make me uncertain what your model really is. RFC 7258 is not only about passive attacks, and by ignoring active attackers you fail to address the problem of active attackers.

I may have misunderstood the intent of your text, so you may not actually intend to say what I read into what you are saying. I believe it would clarify the document a lot to be more specific about what protection applies to passive attackers and what applies to active attackers.
/Simon

> Dear DPRIVE(ers),
>
> Allison and I prepared a new revision of our evaluation document
> incorporating an extensive list of issues raised by Tim Wicinski
> (thanks Tim!) and the result is posted here:
>
> https://www.ietf.org/internet-drafts/draft-am-dprive-eval-02.txt
> Status: https://datatracker.ietf.org/doc/draft-am-dprive-eval/
> Htmlized: https://tools.ietf.org/html/draft-am-dprive-eval-02
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-am-dprive-eval-02
>
> We are looking for further feedback from the community, so please
> send us, or post your concerns on this thread.
>
> Regards!
> Aziz
>
> ---------
> Aziz Mohaisen, Assistant Professor
> Department of CSE - SUNY Buffalo
> 323 Davis Hall, Buffalo, NY 14260-2500, USA
> Phone: 1 (716) 645-1592
> Fax: 1 (716) 645-3464
>
> http://www.cse.buffalo.edu/~mohaisen/
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
