On Fri 2018-12-14 02:28:28 +0530, Mukund Sivaraman wrote:
> A resolver can respond to several queries without performing any
> upstream queries. As an example, take RFC 6761. Nothing can be inferred
> about a query simply because it didn't result in resolution.

yep, i agree with this in a principled sense. it is not *proven*.

But the adversaries in a privacy scenario aren't necessarily interested
in strong proof. Rather, they might be interested in "everyone who is
likely to have tried to resolve www.competitor.example" -- and if that
happens to sweep up a few accidental people in the targeting, that's ok.
So it's still a potential privacy leak if it's a strong likelihood (even
if not a proof).

Anyway, i recognize that the scenario i described is very much in a
degenerate case -- and might not have any reasonable mitigations. I
have *not* done any analysis of the larger, less-corner-y cases to see
whether there's a strong argument for or against treating data that came
in under confidential cover differently once it's in the cache.

I'd love to see someone try to tackle that analysis.

--dkg