Re: [dns-privacy] [dprive-problem-statement] Clearly marking privacy considerations?
On Sun, Nov 02, 2014 at 01:32:22PM -0800, Christian Huitema huit...@huitema.net wrote a message of 33 lines which said: CONSIDERATION NNN: exposing source IP addresses of DNS queries raises privacy risks Passive monitoring records the domain names queried by IP addresses. This can be us to identify the user behind the address It was just an example. My question was not for a discussion on _this_ specific consideration but about the meta-idea of indicating privacy considerations more clearly. ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
Re: [dns-privacy] [dprive-problem-statement] Clearly marking privacy considerations?
On Nov 2, 2014, at 12:57 PM, Stephane Bortzmeyer bortzme...@nic.fr wrote: A reviewer told me privately that it is not clear, from draft-ietf-dprive-problem-statement-00.txt, what are the actual considerations/issues/problems. They are mentioned but not highlighted enough, he said. I did not have the problem that that reviewer did, but WGs in the past have had problems with the problem statement document indicates X vs. it doesn't say that. He suggested to add prominent CONSIDERATIONS from time to time, for instance when discussing source IP addresses, having: CONSIDERATION NNN: exposing source IP addresses of DNS queries raises privacy risks Advice? My preference is not to have three categories, but just one: problems. Problems are issues, and problems have considerations, but what the WG needs is a list of problems that it needs to try to solve. --Paul Hoffman ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] [dprive-problem-statement] Clearly marking privacy considerations?
A reviewer told me privately that it is not clear, from draft-ietf-dprive-problem-statement-00.txt, what are the actual considerations/issues/problems. They are mentioned but not highlighted enough, he said. He suggested to add prominent CONSIDERATIONS from time to time, for instance when discussing source IP addresses, having: CONSIDERATION NNN: exposing source IP addresses of DNS queries raises privacy risks Advice? We may discuss it here and/or during the dprive-problem-statement slot in Honolulu (unless there is a conflict with the scuba WG). ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
Re: [dns-privacy] [dprive-problem-statement] Clearly marking privacy considerations?
On 11/2/2014 12:57 PM, Stephane Bortzmeyer wrote: A reviewer told me privately that it is not clear, from draft-ietf-dprive-problem-statement-00.txt, what are the actual considerations/issues/problems. They are mentioned but not highlighted enough, he said. He suggested to add prominent CONSIDERATIONS from time to time, for instance when discussing source IP addresses, having: CONSIDERATION NNN: exposing source IP addresses of DNS queries raises privacy risks Passive monitoring records the domain names queried by IP addresses. This can be us to identify the user behind the address -- finding quickly the domain names of private mail server, business mail server, preferred services, etc. Some of that information can be also retrieved from traffic analysis, but all. Passive monitoring divulges access to named services, which is more info than mere IP addresses when the services use shared infrastructure like CDN or server pools. Real time passive monitoring enables automated spoofed response, which are used to instantiate MITM attacks. -- Christian Huitema ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy