On Fri 2018-12-14 11:47:58 -0800, Christopher Wood wrote: > On Dec 14, 2018, 10:47 AM -0800, Wes Hardaker <[email protected]>, wrote: >> [And, no, we shouldn't go down the road of "privacy requires you disable >> the cache"] > > Would you mind elaborating on this comment? As you observe, caches are > harmful to privacy. Refusal to disable the cache in any (?) > circumstance therefore seems dismissive of user privacy. Perhaps you > mean turning it off for every query is not a viable path forward?
I hope Wes will answer this question on his own, but i wanted to note
that privacy is not only harmed by caches. it can also be helped by
caches.
A query for any name will typically radiate *less* information into the
world if it's answered from a cache, simply because the resolver in
question doesn't create additional traffic.
In particular, if the cache is already well-populated, and queries are
padded appropriately, and the name is relatively likely to be in-cache,
then the only parties that know what was looked up are the client and
the resolver itself. No authoritative servers or network observers have
any additional information to distinguish the query from any other
cache-resolved query handled by the resolver.
So i don't think caching itself offers a clear benefit or harm for
privacy. One advantage of a resolver is that it effectively acts as a
mixing/semi-anonymizing agent on behalf of its users. Assuming that the
resolver itself is not compromised, it can buffer its users from the
authoritative servers.
--dkg
signature.asc
Description: PGP signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
