From: Sara Dickinson <[email protected]> Sent: Friday, August 23, 2019 12:57 PM To: Hollenbeck, Scott <[email protected]> Cc: [email protected]; [email protected] Subject: [EXTERNAL] Re: [dns-privacy] Working Group Last Call for draft-ietf-dprive-rfc7626-bis
On 21 Aug 2019, at 19:21, Hollenbeck, Scott <[email protected]<mailto:[email protected]>> wrote: -----Original Message----- From: dns-privacy <[email protected]<mailto:[email protected]>> On Behalf Of Vladimír Cunát Sent: Monday, August 19, 2019 8:58 AM To: [email protected]<mailto:[email protected]> Subject: [EXTERNAL] Re: [dns-privacy] Working Group Last Call for draft-ietf- dprive-rfc7626-bis Hello, I now read through the whole document, and I see one thing that might be a little bit confusing - the beginning of page three reads like QNAME minimization is not possible or at least never done, and contrary to rfc7626 itself it isn't even mentioned in the whole document. I would suggest to at least reduce the strength of the wording ("always"), and/or mention rfc7816. I don't have much data at hand, but I believe that some reduction of QNAMEs isn't as exotic as it used to be. Agreed, and I'll suggest a sentence (enclosed by **) for the end of the third paragraph of the Introduction: "It is important, when analyzing the privacy issues, to remember that the question asked to all these name servers is always the original question, not a derived question. The question sent to the root name servers is "What are the AAAA records for www.example.com<http://www.example.com>?", not "What are the name servers of .com?". By repeating the full question, instead of just the relevant part of the question to the next in line, the DNS provides more information than necessary to the name server. **In this simplified description, recursive resolvers do not implement QNAME minimization as described in RFC 7816 [RFC7816], which will only send the relevant part of the question to the upstream name server.**” Thanks very much for this text. I’m wondering about also referencing this study: https://labs.ripe.net/Members/wouter_de_vries/make-dns-a-bit-more-private-with-qname-minimisation which attempts to asses the deployment of QNAME minimisation to show it is actually being deployed in the wild? [SAH] That seems reasonable. It may be more desirable to reference 7816bis, but that would add an Internet-Draft reference dependency that folks might not want to add. Good point. I’d prefer to just reference RFC7816 unless anyone objects… [SAH] A reference to 7816 is reasonable assuming that there’s little risk of significant specification deviation between it and 7816bis. That’s probably a reasonable assumption. Scott
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
