Amelia Andersdotter <[email protected]> wrote: > > I have difficulties seeing how a user (within the meaning of individual > internet consumer) has any practical choice to other than to share PII > with a DNS provider?
Yes, me too. Since the overall topic is recursive -> authoritative, the questions imply some mechanism for the user to communicate their privacy policy to the recursive server, or perhaps it would be more useful for clients to ask the recursive server what its policies or capabilities are. But what happens when there is a mismatch? Specific information leaks that we might care about: * QNAME minimization or not? * EDNS client subnet or not? * Upstream encryption available or not? (asking for it to be required is a "break the Internet" switch so it doesn't make sense) And the points Amelia made about data management which I might recast more mechanically as: * Passive DNS logging on the upstream side? * Query logging on the client side? Some of this is stuff that a recursive server knows about itself, and could (reasonably easily) communicate to a client; some of it is about the deployment and setup around the server which it doesn't necessarily know (and I don't think it would be realistic to expect operators to configure their servers to say they are running packet captures on DNS traffic...) Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Dogger, Fisher, German Bight, Humber: West or northwest 4 backing southwest 5 to 7, occasionally gale 8 later except in Humber. Slight or moderate becoming moderate or rough, then very rough later in Fisher. Showers. Good. _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
