Re: [lac-discuss-en] [WHOIS-WG] DNS Privacy Problem Statement - IETF Informational
Carlton
the IETF stuff on this is quite interesting .. a lot of this is "known", but as
you mentioned, not exactly "obvious" ..
M
--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Domains
http://www.blacknight.co/
http://blog.blacknight.com/
http://www.technology.ie
Intl. +353 (0) 59 9183072
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland Company No.: 370845
________________________________
From: whois-wg-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[whois-wg-bounces@xxxxxxxxxxxxxxxxxxxxxxx] on behalf of Carlton Samuels
[carlton.samuels@xxxxxxxxx]
Sent: 12 November 2013 21:07
To: ICANN WHOIS Expert Workin Group; lac-discuss-en@xxxxxxxxxxxxxxxxxxxxxxx;
<whois-wg@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [WHOIS-WG] DNS Privacy Problem Statement - IETF Informational
Seems we have a greatly enlarged problem domain than that we're on about with
RDS.
Here are a few things that caught my eye in the DNS Privacy Problem Statement
by S. Bortzmeyer (AFNIC maeven] to the IETF Network Working Group:
1. Apropos, DNSSEC and confidentiality of the DNS messaging:
"(DNSSEC, specified in RFC4033] explicitely excludes confidentiality from its
goals.) So, if an initiator starts a HTTPS communication with a recipient,
while the HTTP traffic will be encrypted, the DNS exchange prior to it won’t
be."
2. Apropos, surveillance:
"The best place, from an eavesdropper’s point of view, is clearly between the
stub resolvers and the resolvers, because you are not limited by DNS caching."
Per #1, I simply didn't realize this was the case!
Per #2, I long figured that were I in the surveillance business, parking on the
highway joining the requestor and nameserver with my ears open is the optimal
point to get all the metadata one could ever hope. As the writer notes, they
are "not in the communication path but are enablers". Individual targeting
-meaning direct access - can be arranged by one or other means from the info
presented by metadata.
Thanks to Michele for sharing. See it all here:
http://tools.ietf.org/pdf/draft-bortzmeyer-perpass-dns-privacy-00.pdf
- Carlton
===============
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Planning, Governance, Assessment & Turnaround
=============================
_______________________________________________