On Mon, Oct 12, 2015 at 3:13 AM, <internet-dra...@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations Working
> Group of the IETF.
>
> Title : DNS query name minimisation to improve privacy
> Author : Stephane Bortzmeyer
> Filename : draft-ietf-dnsop-qname-minimisation-07.txt
> Pages : 11
> Date : 2015-10-12
>
> Abstract:
> This document describes one of the techniques that could be used to
> improve DNS privacy, a technique called "QNAME minimisation", where
> the DNS resolver no longer sends the full original QNAME to the
> upstream name server.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-qname-minimisation/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-07
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-qname-minimisation-07
>
>

This draft looks good to me.
Minor suggestions for section 8, which reads:

   8. Security Considerations

   QNAME minimisation's benefits are clear in the case where you want to
   decrease exposure to the authoritative name server. But minimising the
   amount of data sent also, in part, addresses the case of a wire sniffer
   as well the case of privacy invasion by the servers. (Encryption is of
   course a better defense against wire sniffers but, unlike QNAME
   minimisation, it changes the protocol and cannot be deployed
   unilaterally. Also, the effect of QNAME minimisation on wire sniffers
   depend on whether the sniffer is, on the DNS path.)

Middle sentence, add another "as":
   "as well the case of privacy invasion" -> "as well as the case of privacy invasion"

Last line:
   "depend on" -> "depends on"

Also, at the end of Appendix B, it reads:

   To address the "number of queries" issue, described in Section 6, a
   possible solution is to always use the traditional algorithm when the
   cache is cold and then to move to QNAME minimisation. This will
   decrease the privacy but will guarantee no degradation of performance.

I don't know how one decides when a cache switches from "cold" to "hot". But I guess that is left to the implementor.

--
Bob Harold
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
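To make the privacy trade-off in the quoted Security Considerations and the "number of queries" issue behind the Appendix B fallback concrete, here is an added illustration (example code written for this page, not code from the draft or from any resolver). It models which query names a resolver sends to each upstream server under the traditional algorithm (full QNAME at every step) and under QNAME minimisation (one more label per step with QTYPE NS, the full name only at the last step, following the stepwise scheme the draft describes). The zone layout, the cache contents and the cold/hot heuristic in choose_queries are all constructed assumptions of this example; as the message notes, the draft itself leaves the cold-to-hot decision to the implementor.

```python
"""QNAME minimisation versus traditional resolution: which names leak where.

Constructed model, not code from draft-ietf-dnsop-qname-minimisation or any
resolver.  A "query" is recorded as (query name, QTYPE, zone whose servers
were asked); nothing is sent on the wire.
"""
from typing import Dict, List, Tuple

Cache = Dict[str, List[str]]          # zone name -> cached NS RRset (server names)
Query = Tuple[str, str, str]          # (qname sent, qtype sent, zone asked)

# Constructed "world": the zone cuts that exist and their (hypothetical) servers.
ZONE_CUTS: Cache = {
    ".": ["root-server.example"],
    "example.": ["a.gtld.example"],
    "foo.example.": ["ns1.foo.example"],
}
COLD_CACHE: Cache = {".": ["root-server.example"]}   # only the root hints
WARM_CACHE: Cache = dict(ZONE_CUTS)                  # every cut already learned


def labels(name: str) -> List[str]:
    """Split a fully-qualified name into its labels, leftmost label first."""
    return [l for l in name.rstrip(".").split(".") if l]


def closest_enclosing_ns(qname: str, cache: Cache) -> str:
    """Longest suffix of qname (on label boundaries) with an NS RRset in cache."""
    parts = labels(qname)
    for i in range(len(parts)):
        candidate = ".".join(parts[i:]) + "."
        if candidate in cache:
            return candidate
    return "."


def traditional_queries(qname: str, cache: Cache, qtype: str = "A") -> List[Query]:
    """Traditional iteration: the full QNAME and QTYPE go to every server on the path."""
    parts = labels(qname)
    ancestor = closest_enclosing_ns(qname, cache)
    sent = [(qname, qtype, ancestor)]
    # Follow referrals: each zone cut below ANCESTOR on the path costs one more query.
    for i in range(len(parts) - 1, -1, -1):
        suffix = ".".join(parts[i:]) + "."
        if suffix in ZONE_CUTS and len(labels(suffix)) > len(labels(ancestor)):
            ancestor = suffix
            sent.append((qname, qtype, ancestor))
    return sent


def minimised_queries(qname: str, cache: Cache, qtype: str = "A") -> List[Query]:
    """QNAME minimisation: ask each server only about the next label of the name.

    Start at the closest enclosing NS RRset in the cache (ANCESTOR), prepend one
    label of the original QNAME at a time (CHILD) and ask ANCESTOR's servers for
    CHILD/NS.  A referral teaches a new cut; a no-cut answer keeps ANCESTOR.  Only
    the final query carries the full QNAME and the original QTYPE (this example
    sends the original query directly once CHILD equals QNAME).
    """
    cache = dict(cache)               # work on a copy; the caller's cache is untouched
    parts = labels(qname)
    ancestor = closest_enclosing_ns(qname, cache)
    child = ancestor
    sent: List[Query] = []
    while child != qname:
        nxt = parts[len(parts) - len(labels(child)) - 1]
        child = nxt + "." + (child if child != "." else "")
        if child in cache:            # cut already known: descend without a query
            ancestor = child
        elif child != qname:          # upstream sees only this prefix, never the leaf
            sent.append((child, "NS", ancestor))
            if child in ZONE_CUTS:    # referral: learn the cut and move down
                cache[child] = ZONE_CUTS[child]
                ancestor = child
            # otherwise: no cut at CHILD, keep asking the same ANCESTOR (Section 6 cost)
    sent.append((qname, qtype, ancestor))
    return sent


def choose_queries(qname: str, cache: Cache, qtype: str = "A",
                   warm_threshold: int = 2) -> Tuple[str, List[Query]]:
    """Appendix B style fallback.  The cold/hot rule is an assumption of this example:
    the cache counts as cold while it holds fewer than warm_threshold non-root NS
    RRsets; then the traditional algorithm is used, otherwise minimisation."""
    known_cuts = sum(1 for zone in cache if zone != ".")
    if known_cuts < warm_threshold:
        return "traditional", traditional_queries(qname, cache, qtype)
    return "minimised", minimised_queries(qname, cache, qtype)


if __name__ == "__main__":
    for name in ("www.foo.example.", "a.b.c.d.example."):
        for label, fn in (("traditional", traditional_queries), ("minimised", minimised_queries)):
            print(f"{name} {label} (cold cache):")
            for q in fn(name, COLD_CACHE):
                print("   ", q)
```

Running it shows both effects the message touches on: for www.foo.example. the minimised run tells the root only about "example." and the example. servers only about "foo.example.", while the traditional run hands the full name to every server; for a.b.c.d.example., where no cuts exist below example., minimisation costs five queries against two, which is the performance case Appendix B's cold-cache fallback is meant to avoid.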