Can you be more specific on your bullet list? What I mean is that this list seems covered in "Threat Model and Problem Statement" so I am wondering what gaps there may be there, if any. Perhaps just ensuring you are talking to the correct/intended server (the cert issue you note)?

It seems to me there's a bunch of threats that don't overlap very much, and what you do depends on what threats you think are important, e.g., how much you care who you're talking to vs. who might be observing on the side. Tossing all the threats into one pot and trying to solve them all at the same time doesn't strike me as a path to success.

I don't think I have any new threats there, but I do think it's worth separating them into groups that can be addressed by particular techniques.

On 10/29/19, 3:08 PM, "dns-privacy on behalf of John Levine" <[email protected] on behalf of [email protected]> wrote:

   In article <CAOdDvNoUhskQ_x5LWLpuVBy6JoZK03SLfR=njct0bnkgxip...@mail.gmail.com> you write:
   >
   >I appreciate the authors kicking off the effort with this draft that
   >proposes phase 2 requirements.

   As do I, but it still needs a lot of work.

   One thing that would help me a lot is matching up the features with
   what problem they're supposed to solve.

   * Keeping specific people from seeing your query stream (e.g., your ISP)
   * Keeping random snoopers from seeing your query stream
   * The above for particular parts of your query stream, e.g. 2LDs
   * Being sure you're talking to the right server (the certificate issue)
   * Other stuff?

   Depending on what your goal is, you might mix and match other techniques
   like local mirroring of zones, at least ones that aren't too huge.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
