> On 3 Oct 2019, at 12:16, Vittorio Bertola 
> <[email protected]> wrote:
> 
> 
> 
>> On 27 September 2019 17:54 Sara Dickinson <[email protected]> wrote:
>> 
>> I hope the changes address most of your concerns - please review and let me 
>> know.
> 
> I went through the changes, and I like them - you did a really good job in 
> capturing my comments and more generally the recent development of the 
> discussion on privacy and DNS, doing it in a balanced way (I can tell because 
> I would have used more pointy language in a couple of places :-) ). So thanks 
> for this. 

Thanks very much for this feedback - at this late stage I was trying to make 
sure the new text was something we could get consensus on from the WG :-)

> 
> The only note I still have is on 3.5.1.3. The revised text seems to say that 
> blocking remote resolvers is either damaging or neutral for privacy, but in 
> some cases it could actually be beneficial.

I did deliberately scope this section to just networks where the user privacy 
was compromised in some way: "...when the local resolver does not offer 
encryption and/or has very poor privacy policies." so the user had a 
justification for actively choosing a remote resolver to improve privacy in 
some way. 

> So we could add at the end of the first paragraph:
> 
> "In some cases, networks might block access to remote resolvers for security 
> reasons, for example to cripple malware and bots or to prevent data 
> exfiltration methods that use encrypted DNS communications as transport; in 
> these cases, the block would actually increase the protection of the user's 
> privacy."

Can I modify the last bit of text slightly given the above context?

"In some cases, networks might block access to remote resolvers for security 
reasons, for example to cripple malware and bots or to prevent data 
exfiltration methods that use encrypted DNS communications as transport. In 
these cases, if the network fully respects user privacy in other ways (i.e. 
encrypted DNS and good data handling policies) the block can serve to further 
protect user privacy by ensuring such security precautions."

WDYT?

> 
> Apart from this, there might be a bit of beautifying to do here and there in 
> 3.5.1.1 (things like "application-specific" in place of "application 
> specific" or "the user's full knowledge" in place of "the users full 
> knowledge"... sorry for being grammar-nazi). I can do more proofreading 
> separately if you want.

Mohamed Boucadair did a very good review with many such editorial improvements. 
I’m working on an update to incorporate those and I’ll do my best to catch the 
ones you mention and others like them. I’ll send you a link to the GitHub repo 
before I publish and if you have time for proofreading that would be great!

Best regards

Sara. 

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
