Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> On Mon, Nov 11, 2013 at 02:16:44PM +0000,
>  Tony Finch <d...@dotat.at> wrote
>  a message of 15 lines which said:
>
> > > draft-bortzmeyer-perpass-dns-privacy
> ...
> > Another thing to mention is the risk due to third-party secondary
> > authoritative servers.
>
> While it was not explicitly specified, the idea of this draft is to
> document the privacy risks for the end-user (the one performing DNS
> requests).
>
> Here, if I understand correctly, you talk about the privacy risks for
> the holder of a zone who decides to host it (partially or totally) on
> name servers she does not control, and which will be able to see the
> traffic. Am I correct?

I was thinking along the lines of the draft's existing discussion of query
privacy. It talks about the root and TLD servers getting (some) view of
users' queries, as well as the authority servers for the domain itself.

But not all these servers are run by the organizations that superficially
might appear to run them. For instance, queries for names in .fr can be
sent to the ISC or SIDN or Netnod as well as nic.fr. This might be a
surprising reduction of privacy for some people, perhaps similarly
surprising to the fact that the root and TLDs see entire queries.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop