> On 21 Aug 2019, at 19:21, Hollenbeck, Scott <[email protected]> wrote:
>
>> -----Original Message-----
>> From: dns-privacy <[email protected]> On Behalf Of Vladimír Cunát
>> Sent: Monday, August 19, 2019 8:58 AM
>> To: [email protected]
>> Subject: [EXTERNAL] Re: [dns-privacy] Working Group Last Call for
>> draft-ietf-dprive-rfc7626-bis
>>
>> Hello,
>>
>> I now read through the whole document, and I see one thing that might be a
>> little bit confusing - the beginning of page three reads like QNAME
>> minimization is not possible or at least never done, and contrary to
>> rfc7626 itself it isn't even mentioned in the whole document. I would
>> suggest to at least reduce the strength of the wording ("always"), and/or
>> mention rfc7816. I don't have much data at hand, but I believe that some
>> reduction of QNAMEs isn't as exotic as it used to be.
>
> Agreed, and I'll suggest a sentence (enclosed by **) for the end of the third
> paragraph of the Introduction:
>
> "It is important, when analyzing the privacy issues, to remember that the
> question asked to all these name servers is always the original question, not
> a derived question. The question sent to the root name servers is "What are
> the AAAA records for www.example.com?", not "What are the name servers of
> .com?". By repeating the full question, instead of just the relevant part of
> the question to the next in line, the DNS provides more information than
> necessary to the name server. **In this simplified description, recursive
> resolvers do not implement QNAME minimization as described in RFC 7816
> [RFC7816], which will only send the relevant part of the question to the
> upstream name server.**”

Thanks very much for this text. I’m wondering about also referencing this study: https://labs.ripe.net/Members/wouter_de_vries/make-dns-a-bit-more-private-with-qname-minimisation which attempts to assess the deployment of QNAME minimisation to show it is actually being deployed in the wild?

> It may be more desirable to reference 7816bis, but that would add an
> Internet-Draft reference dependency that folks might not want to add.

Good point. I’d prefer to just reference RFC7816 unless anyone objects…

Sara.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
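
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the draft: a small model of which question each authoritative server receives for "www.example.com AAAA", with and without RFC 7816 QNAME minimisation. The delegation set, the function names and the simplifications (empty cache, one server per zone, no retries) are assumptions made for the illustration.

```python
# Added illustration: which question each authoritative server sees while a
# resolver with an empty cache walks the delegation chain.
# Assumptions: ZONE_CUTS is a constructed hierarchy, one server per zone,
# no caching or retries; function names are hypothetical.

ZONE_CUTS = {".", "com.", "example.com."}  # constructed sample delegations


def questions_seen(qname, qtype, zone_cuts=ZONE_CUTS, minimise=False):
    """Return [(zone_queried, qname_sent, qtype_sent), ...] in query order."""
    lbls = [l for l in qname.lower().rstrip(".").split(".") if l]
    full = ".".join(lbls) + "." if lbls else "."
    zone, seen = ".", []
    if not minimise or not lbls:
        # Classic behaviour: the root already receives the original question.
        seen.append((zone, full, qtype))
    for depth in range(1, len(lbls) + 1):
        name = ".".join(lbls[-depth:]) + "."
        last = depth == len(lbls)
        if minimise:
            # RFC 7816 style: one label more than the known zone, QTYPE NS,
            # until the full name is reached.
            seen.append((zone, name, qtype if last else "NS"))
        if name in zone_cuts:
            # Referral to a child zone; continue with its server.
            zone = name
            if last or not minimise:
                seen.append((zone, full, qtype))
    return seen


def zones_learning_full_name(seen, qname):
    """Zones whose servers received the complete original QNAME."""
    full = qname.lower().rstrip(".") + "."
    return [zone for zone, sent, _ in seen if sent == full]


if __name__ == "__main__":
    for mode in (False, True):
        trace = questions_seen("www.example.com", "AAAA", minimise=mode)
        print("minimised" if mode else "classic")
        for zone, sent, qt in trace:
            print(f"  server for {zone:<13} asked: {sent} {qt}")
        print("  full name seen by:",
              zones_learning_full_name(trace, "www.example.com"))
```

In the classic walk all three servers learn the full name; with minimisation only the server for example.com. does, which is the distinction the proposed sentence draws.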
