On 6/29/23, 1:11 PM, "John R Levine" <[email protected]> wrote:
If you're running 8.8.8.8 your logs have a whole lot of PII, but if you're running resolvers in front of industrial networks and using PDNS to look for malfunctioning or compromised IoT boxes, there's no PII at all.

Yes, but since the format doesn’t carry client IPs, it’s not very friendly for this IoT use case. We could fix that!

> As it stands, I think this format is something of a privacy footgun. It
> looks reasonably deidentified, but in the DPRIVE threat model (see e.g. RFC
> 7626) it is highly reidentifiable.

I completely agree that we need to document the security and privacy issues and suggest ways both to understand what they are, and how to mitigate them. But if we imagine that we are smarter than the people who use our specs, well, we aren't.

If the IETF says “deidentified DNS logs are basically anonymous” vs. “deidentified DNS logs are basically PII”, I believe that makes a big difference in the world. Expert practitioners might already understand the nuance here, but our audience is broader than that.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
