Re: [dns-privacy] More detailed documentation required for an end user understanding

Mon, 16 May 2016 02:15:21 -0700 

Hi dear,I read the article in the given link. Although it discussed the issues 
in general, however, it does not discuss any privacy concerning issue 
particular to the DNS/DNSSEC. I request the community to kindly share the 
document discussing privacy issues particular to the DNS/DNSSEC query/response. 
It would be interesting to explicitly discuss the issue in the following 
scenarios:1) DNS/DNSSEC Query/Response over IPv4 without NAT2) DNS/DNSSEC 
Query/Response over IPv4 with NAT (May also be in nested NAT) 3) DNS/DNSSEC 
Query/Response over the IPv6 
If an attacker monitors the number of queries from a user then he certainly can 
profile the user behavior. And, this behavior analysis can lead to tracing the 
user even in the crowd, I mean if a user is behind the NAT. This profiling 
becomes easier if the user is using IPv6 without NAT. 
Still, I think that these scenarios should be explicitly discussed in the 
documents. That will lead to identify the actual vulnerabilities in the 
protocol and will help to devise the efficient security solution for it. In my 
opinion, proactively shutting down the doors probably is not a very good idea.  
 
Thanks.
Regards,Muhammad Yousaf,Riphah International University, Islamabad
https://sites.google.com/site/muhyousaf/
 

    On Sunday, May 15, 2016 12:17 AM, Melinda Shore <[email protected]> 
wrote:
 
 

 Hi, Tariq - where I think you're parting company with the working
group is in the belief that there must be some way of deriving
identity information from the surveilled data.  That's actually
not the case - for example, an observer should not be able to
determine what sort of material a user is reading, which websites
they're visiting, and so on.  In many cases an observer already
has identifying information or can get it, or can infer it from
metadata (see, for example, 
http://bits.blogs.nytimes.com/2015/01/29/with-a-few-bits-of-data-researchers-identify-anonymous-people/?_r=0).
So, you may want to reconsider your assumptions about the parameters
of the problem.

Melinda

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy


 
  
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy

Reply via email to