Eric Orth <[email protected]> wrote:
> On Tue, Nov 17, 2020 at 4:46 PM Tony Finch <[email protected]> wrote:
> >
> > There's also a privacy leak: if you assign a unique subdomain then when a
> > device roams and leaks queries for the private domain, the device can be
> > tracked and correlated with other devices that use the same private
> > domain.
> >
>
> What if, in whatever hypothetical solution is using this, it is reasonable
> for devices to always regenerate the names they are using on changing
> networks? At least in such hypothetical cases, it seems the privacy danger
> would be significantly mitigated, right? (Maybe we're getting too far into
> unknown hypotheticals without finding actual usecases or implementors that
> want this.)

Ah, oops, I need to clarify: the private domain might be a per-CPE domain or an enterprise internal domain; the device is someone's phone or laptop which roams between multiple networks. The private domain is handed to the roaming device, and the device doesn't know (isn't told, and can't be told with current protocols) that the domain name is supposed to be private to the network. So the device is likely to keep asking about names of services in the private domain regardless of the network it is connected to, and thereby leak private information.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Southeast Iceland: Southeasterly 6 to gale 8, decreasing 4 or 5, then becoming cyclonic 7 to severe gale 9, occasionally storm 10 later in south. Rough or very rough, becoming high or very high later in south. Rain, squally showers later. Moderate or good, becoming moderate or poor.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
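
Added example, not part of the original message or of any DNSOP document: a small audit over a device's own DNS query log that flags names under a private domain being queried while attached to a different network, which is the leak described above. The network names, the domain `a1b2c3.home.example.`, the log layout and all function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (network the device was attached to, name it queried).
# "home-cpe" hands out the private domain; the other networks do not.
QUERY_LOG = [
    ("home-cpe", "printer.a1b2c3.home.example."),
    ("home-cpe", "www.example.org."),
    ("cafe-wifi", "printer.a1b2c3.home.example."),
    ("cafe-wifi", "nas.A1B2C3.home.example"),   # no trailing dot, mixed case
    ("office", "xa1b2c3.home.example."),        # similar string, different label
    ("office", "a1b2c3.home.example."),
]
# Assumption: the auditor knows which network each private domain belongs to.
PRIVATE_DOMAINS = {"a1b2c3.home.example.": "home-cpe"}


def labels(name):
    """Lower-cased labels of a DNS name, ignoring the trailing root dot."""
    return name.rstrip(".").lower().split(".")


def under(name, domain):
    """True if name equals domain or is a subdomain, matched on label boundaries."""
    n, d = labels(name), labels(domain)
    return len(n) >= len(d) and n[-len(d):] == d


def find_leaks(log, private_domains):
    """Map each private domain to the sorted foreign networks where it was queried."""
    leaks = defaultdict(set)
    for network, qname in log:
        for domain, home in private_domains.items():
            if network != home and under(qname, domain):
                leaks[domain].add(network)
    return {dom: sorted(nets) for dom, nets in leaks.items()}


if __name__ == "__main__":
    for dom, nets in find_leaks(QUERY_LOG, PRIVATE_DOMAINS).items():
        print(f"{dom} queried outside its network on: {', '.join(nets)}")
```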
