On 12 January 2017 at 08:40, 'Eran Messeri' via certificate-transparency <[email protected]> wrote:
> All,
>
> We're soliciting feedback on the privacy implications of using the DNS-based
> protocol for obtaining inclusion proofs from mirrors of CT logs (link to
> protocol description).
>
> I've attempted a privacy analysis, together with Daniel Kahn-Gillmor, Sara
> Dickinson, Melinda Shore, in the following document:
> https://docs.google.com/document/d/1DY2OsrSJDzlRHY68EX1OwQ3sBIbvMrapQxvANrOE8zM/view
>
> The goal is to get community feedback on the correctness and completeness of
> the analysis, so that the privacy implications aspect of the protocol is
> publicly reasoned about and documented, and each CT client (in particular
> User Agents) could make an informed choice on implementing the protocol.
>
> Please comment on the trans IETF mailing list, not the document itself.
Awesome, thanks for this Eran! I can think of a few things that are probably worth adding.

I second Andrew's comments about uniquely identifying a user (although user clustering, especially with businesses, seems even more likely and similarly problematic).

It seems like query clustering (by resolver) is possible - similar to visited hosts vs resolved hosts, the DNS operator can make inferences about which queries from a resolver come from the same client. (I'm not sure this is terribly useful; the most reliable attack I could imagine is traffic confirmation like "They visited besthomesinseattle.com and then 221springstseattle.com".)

-tom

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
