> On Nov 21, 2018, at 10:11 AM, Sara Dickinson <[email protected]> wrote:
>
>> On 21 Nov 2018, at 10:58, Alissa Cooper <[email protected]> wrote:
>>
>>> On Nov 20, 2018, at 9:01 PM, Joe Abley <[email protected]> wrote:
>>>
>>> Hi Alissa!
>>>
>>> On Nov 20, 2018, at 20:18, Alissa Cooper <[email protected]> wrote:
>>>
>>>> I support Benjamin's first DISCUSS point. In addition to documenting the
>>>> privacy considerations, I think it's important for this document to be
>>>> crystal clear about who is meant to be doing the data collection -- namely,
>>>> the server operator. There are some statements in the document that
>>>> otherwise could be construed to be encouraging third-party passive
>>>> monitoring of DNS traffic without explaining why, which seems like a
>>>> problem:
>>>
>>> I think it may be worth exploring why that's a problem.
>>>
>>> I think a capture format should be oblivious to the circumstances of
>>> the capture;
>>
>> Ok. This document is not at all oblivious, though (see Section 3). I read
>> the document to be implicitly assuming the server operator to be doing (or
>> at least in control of) the data collection, which is why the two statements
>> I pointed out seemed so striking for their lack of declaring that
>> limitation. If the document was meant to be oblivious, it shouldn’t make
>> normative (in the dictionary definition sense) claims about what is ideal,
>> optimal, or necessary.
>
> Hi Alissa,
>
> If we update the statements as below to clarify the context would that
> address your concern?
>
> Section 1:
>
> OLD:
> "There has long been a need to collect DNS queries and responses on
> authoritative and recursive name servers for monitoring and analysis."
>
> NEW:
> "There has long been a need for server operators to collect DNS queries and
> responses on authoritative and recursive name servers for monitoring and
> analysis."
>
> Section 3:
>
> OLD:
> "In an ideal world, it would be optimal to collect full packet
> captures of all packets going in or out of a name server."
>
> NEW:
> "From a purely server operator perspective, collecting full packet
> captures of all packets going in or out of a name server provides the
> most comprehensive picture of network activity."

Yes, thank you.

Alissa

>
> Sara.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
