On Thu, Oct 31, 2019 at 11:24:45AM -0400, Tim Wicinski <[email protected]> wrote a message of 113 lines which said:
> This starts a Second Working Group Last Call for draft-ietf-dprive-bcp-op Background: I run a small (very small) public DoH and DoT resolver, and it has a DROP (a policy). If you want to read it, it is only in french: <https://doh.bortzmeyer.fr/policy>. I checked it against section 6 and appendix C. Executive summary: the draft is fine and useful and, IMHO, should be published. A few issues: * the first paragraph of section 4 should be deleted since the draft does not use RFC2119 (and rightly so), except one lonely SHOULD in section 5. * "A DNS privacy service must be engineered for high availability." I'm not in favor of this sentence. 1) It seems to despise small resolvers managed by small organisations, while we need many diverse DoT and DoH resolvers, to avoid centralisation 2) Today, Firefox, unfortunately, does not allow to add more than one DoH resolver, which makes the DoH resolver a very critical resource. But I hope that in the future, we will be able to configure several resolvers, with an efficient fallback, making the issue of availability less important. * DROP is not a perfect acronym since the draft does not talk only about privacy but also about integrity ("result filtering", aka lying resolvers). * "exporting DNS traffic from the resolver using e.g. dnstap" May be a reference to section 6.1.1 about sharing could be a good idea? Today, many existing policies say things like "we don't store logs for more than N weeks" but are silent on export/sharing... * "Aggressive Use of DNSSEC-Validated Cache [RFC8198] to reduce the number of queries to authoritative servers to increase privacy" RFC 8020 could be mentioned, too, for the same goal. * Appendix B is really good and useful. "The level of anonymization this [keeping a /24 for IPv4] produces is perhaps questionable" is certainly the understatement of the year :-) _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
