[lac-discuss-en] DNS Privacy Problem Statement - IETF Informational

Carlton Samuels carlton.samuels at gmail.com
Tue Nov 12 21:07:33 UTC 2013


Seems we have a much larger problem domain than the one we're on about
with RDS.

Here are a few things that caught my eye in the DNS Privacy Problem
Statement by S. Bortzmeyer (AFNIC maven) to the IETF Network Working Group:

1. Apropos, DNSSEC and confidentiality of the DNS messaging:

*"(DNSSEC, specified in [RFC4033], explicitly excludes confidentiality from
its goals.) So, if an initiator starts a HTTPS communication with a
recipient, while the HTTP traffic will be encrypted, the DNS exchange prior
to it won't be."*

2. Apropos, surveillance:
*"The best place, from an eavesdropper's point of view, is clearly between
the stub resolvers and the resolvers, because you are not limited by DNS
caching."*

Per #1, I simply didn't realize this was the case!

Per #2, I long figured that were I in the surveillance business, parking on
the highway joining the requestor and nameserver with my ears open is the
optimal point to get all the metadata one could ever hope.  As the writer
notes, they are "*not in the communication path but are enablers*".
Individual targeting - meaning direct access - can be arranged by one or
other means from the info presented by metadata.

Thanks to Michele for sharing.  See it all here:
http://tools.ietf.org/pdf/draft-bortzmeyer-perpass-dns-privacy-00.pdf

- Carlton

===============
Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================
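To make point #1 concrete, here is an added example (mine, not from the post or from the draft) that builds a constructed DNS query in RFC 1035 wire format and then parses it back the way any passive observer sitting between the stub resolver and the resolver would, showing that the queried name travels in the clear even when the HTTPS session that follows is encrypted.

```python
import struct

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a minimal DNS query (RFC 1035 header + one question).

    This is a constructed sample packet, not captured traffic.
    Flags 0x0100 set only the RD (recursion desired) bit.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet: bytes) -> dict:
    """Read the question section exactly as an on-path observer can.

    No key or session state is needed: the name is a sequence of
    length-prefixed ASCII labels followed by a zero byte.
    """
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12  # fixed 12-byte header
    labels = []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    qname = ".".join(labels)
    return {
        "id": txid,
        "rd": bool(flags & 0x0100),
        "qname": qname,
        "qtype": qtype,
        "qclass": qclass,
        # every label is present verbatim in the bytes on the wire
        "labels_visible_in_bytes": all(l.encode("ascii") in packet for l in labels),
    }

if __name__ == "__main__":
    pkt = build_query("www.example.com")
    print(parse_question(pkt))
```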