On Wed, Nov 13, 2013 at 10:32:27AM +0000, Jim Reid <j...@rfc1035.com> wrote a message of 16 lines which said:
> Whenever someone outsources (part of) their DNS service, this
> usually involves a contract

Contracts do not solve everything: let's assume the manager of the ccTLD .cp outsources one name server to a company in the USA. The contract clearly states that the contractor MUST NOT send collected DNS traffic data to anyone but the registry. Now, an FBI agent comes to the contractor and, invoking the Patriot Act, requests the data (with, of course, a gag order preventing the contractor from warning its client). What would the contractor do?

> These may well include "management reports" that could well provide
> access in one way or another to the underlying query data. Some of
> the better DNS hosting providers have already been doing this for
> years. Whether a customer chooses to look at that data or use those
> facilities is another matter of course.

The real problem is "reasonable user expectation". Imagine a secondary name server of .cp hosted in China. Most users of the TLD .cp would be quite surprised to know that their data is potentially captured there.

> BTW Stephane is well ahead of the rest of us when it comes to the
> issues of privacy and data protection -- and their second-order
> effects -- relating to DNS query streams, particularly in a European
> context.

This work started inside CENTR <https://centr.org/> so I think we could all thank the CENTR members.