Tariq Saraj wrote:
> The recursive resolver always resolves queries on behalf of the stub resolver,
> thus I am still worried as to why the scope of confidentiality for DNS
> messages is still a subject of interest.

In-server threats to privacy are explicitly described in the DNS Privacy
Considerations document (RFC 7626 §2.5), and the existence of in-server
threats is not a reason to fail to address on-the-wire threats. The
DPRIVE WG is chartered to address both on-the-wire and in-server
threats:

    The primary focus of this Working Group is to develop mechanisms
    that provide confidentiality between DNS Clients and Iterative
    Resolvers, but it may also later consider mechanisms that provide
    confidentiality between Iterative Resolvers and Authoritative
    Servers, or provide end-to-end confidentiality of DNS transactions.

> As privacy is mostly an individual-specific issue, and the term Personally
> Identifiable Information (PII) is very specific, yet the scope is a subject
> of matter.

The lack of privacy in the DNS protocol is not an individual-specific
issue. It enables the "widespread attack" of "pervasive monitoring",
which the IETF has committed to mitigating (RFC 7258). This is a much
broader issue than the existence or disclosure of personally
identifiable data.

-- 
Robert Edmonds

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy