On 5/24/2020 10:43 AM, Paul Wouters wrote:

> Let's assume we can connect to the .ca nameservers securely and
> privately. We query for nohats.ca. If there is no DS, all bets
> are off as the child cannot signal anything to us securely. If
> there is a DS, we also got NS records, and possibly A/AAAA glue.
>
> In the case of getting A/AAAA glue, we can connect using DoT if
> we knew this was an option (eg signaled in the DS record).

Paul,

The privacy risks or gains depend on the "anonymity set", which in this case means "all the domains served by the DNS server to which the client is sending the query". Getting the data directly from a TLD server mixes the query in the anonymity set of that TLD server; getting the data from an authoritative server mixes the query in the anonymity set of that authoritative server. Which one is largest depends on circumstances. Is the anonymity set of .CA larger than that of Route 53, or Dyn DNS?

This brings up, of course, the complex relationship between privacy and centralization. On one hand, big services provide large anonymity sets. On the other hand, these big services can track queries to lots of domains. If the client really wants privacy, then maybe it should use Tor or some other mixer to hide its IP address, in which case the debate is moot.

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
