On 6/28/23, 12:49 PM, "John Levine" <[email protected]> wrote:


It appears that Ben Schwartz <[email protected]> said:
>As noted in RFC 8499, "Passive DNS" raises some significant privacy concerns.  
>This is true even when client IP addresses are omitted.
>For example, the proposed format includes timestamps.  An adversary who can 
>record encrypted DNS traffic and can acquire corresponding
>Passive DNS logs could "join" the two datasets to break the protection offered 
>by encrypted DNS.
>
>I hope the working group will weigh the privacy considerations carefully when 
>deciding how to proceed.

I take your point, but I hope we agree that omitting timestamps from the spec
won't make them go away.  It's fine to describe the security issues, but let's
not make the NAT mistake and imagine that not documenting it will make people
stop using it.

When the IETF documents something, that is unavoidably an endorsement.  We 
should be cautious about what we endorse.

An interesting comparison here is the draft on SSLKEYLOGFILE: 
https://datatracker.ietf.org/doc/html/draft-thomson-tls-keylogfile-00.  The 
Security Considerations are extensive and pointed.  It helps that the risks are 
obvious.

In this case, the risks may be less obvious, and we should work to make them 
more obvious.  For example, we could decide to add a mandatory client IP field.
This would help to emphasize that the data is in fact highly sensitive, and
must be treated with the same level of caution as other PII logs.  (It would 
also make the logs more useful in contexts where they are safe to use.)

As it stands, I think this format is something of a privacy footgun.  It looks 
reasonably deidentified, but in the DPRIVE threat model (see e.g. RFC 7626) it 
is highly reidentifiable.

As a matter of process, I would like to see input from DPRIVE if this proceeds.

--Ben Schwartz
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
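A defender-side check that quantifies the reidentification risk described in the quoted paragraph, added here as an example that is not part of the thread or of any IETF draft: for constructed passive DNS records carrying only a timestamp and a query name, it reports how many log entries share each record's time bucket (the candidate set an observer holding only the timing of a client's encrypted DNS traffic is left with) at several timestamp granularities. The record layout and field names are assumptions, not the draft's format.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed passive DNS records (timestamp, query name), client IP omitted.
# Hypothetical data for illustration, not real logs.
SAMPLE_RECORDS = [
    ("2023-06-28T12:49:03Z", "mail.example.net"),
    ("2023-06-28T12:49:03Z", "cdn.example.org"),
    ("2023-06-28T12:49:17Z", "clinic.example"),
    ("2023-06-28T12:51:40Z", "cdn.example.org"),
    ("2023-06-28T13:02:05Z", "bank.example"),
    ("2023-06-28T13:02:05Z", "mail.example.net"),
    ("2023-06-28T13:02:06Z", "news.example"),
]


def bucket(ts: str, granularity_s: int) -> int:
    """Truncate an RFC 3339 UTC timestamp to a bucket of granularity_s seconds."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(t.timestamp()) // granularity_s


def anonymity_sets(records, granularity_s: int) -> list:
    """For each record, the number of log entries sharing its time bucket.

    A set size of 1 means the query name is linkable outright to whichever
    client was seen sending encrypted DNS traffic in that bucket.
    """
    counts = Counter(bucket(ts, granularity_s) for ts, _ in records)
    return [counts[bucket(ts, granularity_s)] for ts, _ in records]


def reidentification_report(records, granularity_s: int) -> dict:
    """Summarise how exposed a log export is at a given timestamp granularity."""
    sets = anonymity_sets(records, granularity_s)
    return {
        "granularity_s": granularity_s,
        "unique_fraction": sum(1 for k in sets if k == 1) / len(sets),
        "min_set": min(sets),
    }


if __name__ == "__main__":
    # Compare second-level, minute-level and hour-level timestamps.
    for g in (1, 60, 3600):
        print(reidentification_report(SAMPLE_RECORDS, g))
```

Coarsening timestamps is only one mitigation and only shrinks the join key; rare query names or low-traffic resolvers can still single out a client, which is the sense in which the format stays reidentifiable.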
