On Thu, Jul 20, 2017 at 1:54 PM, Ted Lemon <mel...@fugue.com> wrote: > It would be nice if there were an RFC to point to that used a method that > didn't include PII. For the use cases of which I am ware, there is no > need to identify individual devices: only policies. What's lacking is a > way to do this in the home router, so the PII winds up getting exported to > the cloud not because that's necessary to accomplish the filtering but > because it's the only available place where the translation from > PII->policy can be done in practice. Unfortunately, solving _that_ > problem is definitely out of scope for DNSOP. > > isn't the query path here: (largely) client -> cpe-router -> provider-cache-resolver -> auth-dns
and at the cache->auth layer it's potentially the case that the provider can say: "use precision of /24" or "use precision of /17" ? So, there's really not much "pii" that can be worried over at the provider-cache-resolver (they already know who you are...) and they (provider) can decide how much granularity is "important" to release to the upstream authoritative cache.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
