> On 21 Nov 2018, at 10:58, Alissa Cooper <ali...@cooperw.in> wrote:
>
>> On Nov 20, 2018, at 9:01 PM, Joe Abley <jab...@hopcount.ca> wrote:
>>
>> Hi Alissa!
>>
>> On Nov 20, 2018, at 20:18, Alissa Cooper <ali...@cooperw.in> wrote:
>>
>>> I support Benjamin's first DISCUSS point. In addition to documenting the
>>> privacy considerations, I think it's important for this document to be
>>> crystal clear about who is meant to be doing the data collection -- namely,
>>> the server operator. There are some statements in the document that
>>> otherwise could be construed to be encouraging third-party passive
>>> monitoring of DNS traffic without explaining why, which seems like a
>>> problem:
>>
>> I think it may be worth exploring why that's a problem.
>>
>> I think a capture format should be oblivious to the circumstances of
>> the capture;
>
> Ok. This document is not at all oblivious, though (see Section 3). I read the
> document to be implicitly assuming the server operator to be doing (or at
> least in control of) the data collection, which is why the two statements I
> pointed out seemed so striking for their lack of declaring that limitation.
> If the document was meant to be oblivious, it shouldn't make normative (in
> the dictionary definition sense) claims about what is ideal, optimal, or
> necessary.

Hi Alissa,

If we update the statements as below to clarify the context, would that address your concern?

Section 1:

OLD:
"There has long been a need to collect DNS queries and responses on authoritative and recursive name servers for monitoring and analysis."

NEW:
"There has long been a need for server operators to collect DNS queries and responses on authoritative and recursive name servers for monitoring and analysis."

Section 3:

OLD:
"In an ideal world, it would be optimal to collect full packet captures of all packets going in or out of a name server."

NEW:
"From a purely server operator perspective, collecting full packet captures of all packets going in or out of a name server provides the most comprehensive picture of network activity."

Sara.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop