On Dec 14, 2018, 10:47 AM -0800, Wes Hardaker <w...@hardakers.net>, wrote:
> Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:
>
> > I have *not* done any analysis of the larger, less-corner-y cases to
> > see whether there's a strong argument for or against treating data
> > that came in under confidential cover differently once it's in the
> > cache.
>
> Technically, it's near impossible to completely protect privacy unless
> you don't use a cache. Imagine the case where someone goes to a coffee
> shop first thing every morning that supports a TLS based resolver.
> A second "customer" 5 minutes later can then perform queries to the
> resolver (regardless of TLS or not) for a slew of names to find which
> were "in cache" and responding quickly. You now know that person #1
> went to sites A, X and Y since they returned in < 5ms, but not the rest
> of the alphabet which returned in > 5ms.
>
> However, I don't think this changes the nature of whether or not the
> caches should be separate. If anything, it may argue for a shared cache
> so that normal traffic from non-privacy protected lookups will mean
> someone snooping caches for private-protected lookups won't know it came
> from a TLS-based user.
>
> [And, no, we shouldn't go down the road of "privacy requires you disable
> the cache"]

Would you mind elaborating on this comment? As you observe, caches are harmful 
to privacy. Refusal to disable the cache in any (?) circumstance therefore 
seems dismissive of user privacy.
Perhaps you mean turning it off for every query is not a viable path forward?

Relatedly, would per-query cache rules be an appropriate trade-off? For 
example, sensitive queries could carry a "do not cache" flag, requiring the 
resolver to not cache any (or only some) of the answers used to produce a 
response.

Best,
Chris

>
> --
> Wes Hardaker
> My Pictures: http://capturedonearth.com/
> My Thoughts: http://blog.capturedonearth.com/
>
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
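The cache-probing attack Wes sketches above (and the "do not cache" flag Chris asks about) as an added, runnable toy model. This is not code from the thread or from any resolver: the resolver, its clock, the latencies (40 ms upstream, 1 ms from cache), the 5 ms threshold, the `.example` names and the `do_not_cache` parameter are all constructed for illustration.

```python
"""Toy model of cache snooping against a shared resolver cache.

Added example; not code from the dns-privacy thread or any real resolver.
All latencies, TTLs and names below are constructed.
"""

UPSTREAM_MS = 40.0    # constructed: cost of a full recursive lookup
CACHE_HIT_MS = 1.0    # constructed: cost of an answer served from cache
THRESHOLD_MS = 5.0    # the "< 5ms" cut-off used in the thread

# constructed probe list: "the alphabet" from the thread
CANDIDATES = [f"{c}.example" for c in "abcdefghijklmnopqrstuvwxyz"]


class Resolver:
    """Recursive resolver with one shared positive cache and a fake clock."""

    def __init__(self):
        self.now = 0.0      # simulated seconds since start
        self.cache = {}     # qname -> absolute expiry time (seconds)

    def advance(self, seconds):
        self.now += seconds

    def resolve(self, qname, ttl=3600, do_not_cache=False):
        """Answer qname and return the simulated response time in ms.

        do_not_cache is a hypothetical per-query flag (the one Chris asks
        about): the answer is still fetched upstream, but nothing is stored,
        so a later probe for the same name pays the upstream cost again.
        """
        expiry = self.cache.get(qname)
        if expiry is not None and expiry > self.now:
            return CACHE_HIT_MS
        if not do_not_cache:
            self.cache[qname] = self.now + ttl
        return UPSTREAM_MS


def snoop(resolver, candidates, threshold_ms=THRESHOLD_MS):
    """Attacker's view: names answered fast enough to have been cached.

    The probe itself populates the cache, so each name is asked once only;
    a second pass would see everything as a hit.
    """
    return {q for q in candidates if resolver.resolve(q) < threshold_ms}


def scenario_shared_cache():
    """Customer 1 (over DoT) resolves a, x, y; attacker probes 5 minutes later."""
    r = Resolver()
    for q in ("a.example", "x.example", "y.example"):
        r.resolve(q)
    r.resolve("z.example", ttl=60)   # short TTL: gone before the probe runs
    r.advance(300)
    return snoop(r, CANDIDATES)      # a, x, y leak; z does not


def scenario_do_not_cache():
    """Same visit, but customer 1 marks its queries do-not-cache."""
    r = Resolver()
    for q in ("a.example", "x.example", "y.example"):
        r.resolve(q, do_not_cache=True)
    r.advance(300)
    return snoop(r, CANDIDATES)      # nothing distinguishable


def scenario_mixed_clients():
    """Wes's point: plaintext clients sharing the cache hide who asked what."""
    r = Resolver()
    for q in ("a.example", "x.example", "y.example"):
        r.resolve(q)                 # the DoT user
    for q in ("a.example", "b.example"):
        r.resolve(q)                 # an unrelated Do53 user, same cache
    r.advance(300)
    return snoop(r, CANDIDATES)      # a, b, x, y: attacker cannot attribute


if __name__ == "__main__":
    print("shared cache, DoT user alone :", sorted(scenario_shared_cache()))
    print("do-not-cache flag            :", sorted(scenario_do_not_cache()))
    print("shared cache, mixed clients  :", sorted(scenario_mixed_clients()))
```

The three scenarios line up with the three positions in the exchange: a lone client behind a shared cache leaks its names to anyone who can measure latency (expired entries excepted); a per-query do-not-cache flag removes that signal for the flagged names at the price of every such lookup going upstream; and other clients' ordinary traffic in the same cache makes a hit unattributable. Real-world cache snooping usually asks with RD=0 rather than timing answers, but the information available to the prober is the same.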