On 13 Nov 2013, at 10:43, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> Contracts do not solve everything: let's assume the manager of the > ccTLD .cp outsources one name server to a company in the USA. The > contract clearly states that the contractor MUST NOT send collected > DNS traffic data to anyone but the registry. Now, a FBI agent comes to > the contractor and, invoking the Patriot Act, request the data (with, > of course, a gag order preventing the contractor to warn its > client). What would the contractor do? Decline contracts from customers who have those requirements since they can't meet them. Though those customers will/should be taking their business to companies outside USA^W^Win other jurisdictions anyway. And surely the customer will be obliged to enter contracts that comply with their national law anyway? We have this in Europe already wrt Data Protection: personal data can't be exported to a jurisdiction that does not have an equivalent or better Data Protection regime. BTW, you seem to be making an assumption that the DNS query data for some domain is "owned" by the domain name holder. I'm not sure that's the case. However we should leave that layer-9+ discussion to the lawyers and keep it well away from the IETF. >> These may well include "management reports" that could well provide >> access in one way or another to the underlying query data. Some of >> the better DNS hosting providers have already been doing this for >> years. Whether a customer chooses to look at that data or use those >> facilities is another matter of course. > > The real problem is "reasonable user expectation". Imagine a secondary > name server of .cp hosted in China. Most users of the TLD .cp would be > quite surprised to know that their data is potentially captured there. I'm struggling to see why anyone could have that sort of expectation these days. The vast majority won't even be aware DNS is involved in their use of the interwebs at all. [Or what google, facebook, $CloudProvider, et al is harvesting from their activity.] They send a lookup into the public Internet, have no way of knowing which DNS server answers (or where it is located), or who might be listening in to that traffic. Given the recent Snowden revelations, anyone who is vaguely awake must realise they have next to no expectation of privacy or anonymity whenever they use the Internet or PSTN as supplied by their ISP or telco. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
