It appears that Ben Schwartz <[email protected]> said:
>As noted in RFC 8499, "Passive DNS" raises some significant privacy concerns.
>This is true even when client IP addresses are omitted.
>For example, the proposed format includes timestamps. An adversary who can
>record encrypted DNS traffic and can acquire corresponding
>Passive DNS logs could "join" the two datasets to break the protection offered
>by encrypted DNS.
>
>I hope the working group will weigh the privacy considerations carefully when
>deciding how to proceed.

I take your point, but I hope we agree that omitting timestamps from the spec won't make them go away. It's fine to describe the security issues, but let's not make the NAT mistake and imagine that not documenting it will make people stop using it.

R's,
John
