All,
     Thanks for the feedback. Tim and I will add some milestones to the
proposed charter and get it to our illustrious AD for review/handling.

Regards,
Brian

On 3/21/18 9:44 AM, Brian Haberman wrote:
> Slightly updated text to capture a missing work item...
> 
> https://github.com/DPRIVE/wg-materials/blob/master/dprive-charter-2.1.txt
> 
> Regards,
> Brian
> 
> On 3/19/18 11:07 AM, Brian Haberman wrote:
>> All,
>>      The chairs have been chatting with our AD about re-chartering the
>> WG. The text below is our proposed charter that we will discuss in our
>> session this week.
>>
>> Regards,
>> Brian & Tim
>>
>>
>> DPRIVE Charter 2.0
>>
>> The DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms to
>> provide confidentiality to DNS transactions in order to address concerns
>> surrounding pervasive monitoring (RFC 7258).
>>
>> The set of DNS requests that an individual makes can provide an attacker
>> with a large amount of information about that individual.  DPRIVE aims
>> to deprive the attacker of this information (The IETF defines pervasive
>> monitoring as an attack [RFC7258]).
>>
>> The initial focus of this Working Group was the development of
>> mechanisms that provide confidentiality and authentication between DNS
>> Clients and Iterative Resolvers (published as RFCs 7858 and 8094). With
>> proposed standard solutions for the client-to-iterative resolvers
>> published, the working group turns its attention to the development of
>> documents focused on: 1) providing confidentiality to DNS transactions
>> between Iterative Resolvers and Authoritative Servers, and 2) measuring
>> the performance of the proposed solutions against pervasive monitoring.
>> Some of the results of this working group may be experimental. There are
>> numerous aspects that differ between DNS exchanges with an iterative
>> resolver and exchanges involving DNS root/authoritative servers. The
>> working group will work with DNS operators and developers (via the DNSOP
>> WG) to ensure that proposed solutions address key requirements.
>>
>> DPRIVE is chartered to work on mechanisms that add confidentiality to
>> the DNS. While it may be tempting to solve other DNS issues while adding
>> confidentiality, DPRIVE is not the working group to do this.  DPRIVE
>> will not work on any integrity-only mechanisms.  Examples of the sorts
>> of risks that DPRIVE will address can be found in [RFC 7626], and
>> include both passive wiretapping and more active attacks, such as MITM
>> attacks. DPRIVE will address risks to end-users' privacy (for example,
>> which websites an end user is accessing).
>>
>> DPRIVE Work Items:
>>
>> - Develop requirements for adding confidentiality to DNS exchanges
>> between recursive resolvers and authoritative servers (unpublished
>> document).
>>
>> - Investigate potential solutions for adding confidentiality to DNS
>> exchanges involving authoritative servers (Experimental).
>>
>> - Define, collect and publish performance data measuring effectiveness
>> of DPRIVE-published technologies against pervasive monitoring attacks.
>>
>>
>>
>> _______________________________________________
>> dns-privacy mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>
> 
