DPRIVE-ites,

Please take a look at a new individual internet-draft we will introduce at the Montreal DPRIVE meeting, targeted eventually for Experimental.

Its novelty is that it meets a strong privacy goal: that no single party should be able to associate DNS queries with a client IP address that issues those queries. We are looking forward to all comments and reviews both in email and in person.

Thanks!

Nick and Allison for the authors

> A new version of I-D, draft-annee-dprive-oblivious-dns-00.txt
> has been successfully submitted by Allison Mankin and posted to the
> IETF repository.
>
> Name:           draft-annee-dprive-oblivious-dns
> Revision:       00
> Title:          Oblivious DNS - Strong Privacy for DNS Queries
> Document date:  2018-07-02
> Group:          Individual Submission
> Pages:          11
> URL:            https://www.ietf.org/internet-drafts/draft-annee-dprive-oblivious-dns-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-annee-dprive-oblivious-dns/
> Htmlized:       https://tools.ietf.org/html/draft-annee-dprive-oblivious-dns-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-annee-dprive-oblivious-dns
>
>
> Abstract:
>    Recognizing the privacy vulnerabilities associated with DNS queries,
>    a number of standards have been developed and services deployed
>    that encrypt a user's DNS queries to the recursive resolver and thus
>    obscure them from some network observers and from the user's Internet
>    service provider.  However, these systems merely transfer trust to a
>    third party.  We argue that no single party should be able to
>    associate DNS queries with a client IP address that issues those
>    queries.  To this end, this document specifies Oblivious DNS (ODNS),
>    which introduces an additional layer of obfuscation between clients
>    and their queries.  To accomplish this, ODNS uses its own
>    authoritative namespace; the authoritative servers for the ODNS
>    namespace act as recursive resolvers for the DNS queries that they
>    receive, but they never see the IP addresses for the clients that
>    initiated these queries.  The ODNS experimental protocol is
>    compatible with existing DNS infrastructure.
>
