If you want to comment on the proposed charter, note that comments should be sent to the IESG, not this mailing list.

Begin forwarded message:

> From: The IESG <[email protected]>
> Subject: WG Review: DNS PRIVate Exchange (dprive)
> Date: October 3, 2014 at 10:38:35 AM PDT
> To: IETF-Announce <[email protected]>
> Reply-To: [email protected]
>
> A new IETF working group has been proposed in the Internet Area. The IESG
> has not made any determination yet. The following draft charter was
> submitted, and is provided for informational purposes only. Please send
> your comments to the IESG mailing list (iesg at ietf.org) by 2014-10-13.
>
> DNS PRIVate Exchange (dprive)
> ------------------------------------------------
> Current Status: Proposed WG
>
> Assigned Area Director:
>   Brian Haberman <[email protected]>
>
>
> Charter:
>
> The DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms to
> provide confidentiality to DNS transactions, to address concerns
> surrounding pervasive monitoring (RFC 7258).
>
>
> The set of DNS requests that an individual makes can provide an
> attacker with a large amount of information about that individual.
> DPRIVE aims to deprive the attacker of this information. (The IETF
> defines pervasive monitoring as an attack [RFC7258])
>
>
> The primary focus of this Working Group is to develop mechanisms that
> provide confidentiality between DNS Clients and Iterative Resolvers,
> but it may also later consider mechanisms that provide confidentiality
> between Iterative Resolvers and Authoritative Servers, or provide
> end-to-end confidentiality of DNS transactions. Some of the results of
> this working group may be experimental.
>
>
> DPRIVE is chartered to work on mechanisms that add confidentiality to
> the DNS. While it may be tempting to solve other DNS issues while
> adding confidentiality, DPRIVE is not the working group to do this.
> DPRIVE will not work on any integrity-only mechanisms.
>
>
> Examples of the sorts of risks that DPRIVE will address can be found
> in [draft-bortzmeyer-dnsop-dns-privacy], and include both passive
> wiretapping and more active attacks, such as MITM attacks. DPRIVE will
> address risks to end users’ privacy (for example, which websites an
> end user is accessing).
>
>
>
> Some of the main design goals (in no particular order) are:
>
>
> - Provide confidentiality to DNS transactions (for the querier).
>
>
> - Maintain backwards compatibility with legacy DNS implementations.
>
>
> - Require minimal application-level changes.
>
>
> - Require minimal additional configuration or effort from applications or
> users
>
> Milestones:
>   Dec 2014 - WG LC on a problem statement document
>   Mar 2015 - WG selects one or more primary protocol directions
>   Jul 2015 - WG LC on primary protocol directions
>
>

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
