> On Nov 21, 2018, at 10:11 AM, Sara Dickinson <s...@sinodun.com> wrote:
>
>> On 21 Nov 2018, at 10:58, Alissa Cooper <ali...@cooperw.in <mailto:ali...@cooperw.in>> wrote:
>>
>>> On Nov 20, 2018, at 9:01 PM, Joe Abley <jab...@hopcount.ca <mailto:jab...@hopcount.ca>> wrote:
>>>
>>> Hi Alissa!
>>>
>>> On Nov 20, 2018, at 20:18, Alissa Cooper <ali...@cooperw.in <mailto:ali...@cooperw.in>> wrote:
>>>
>>>> I support Benjamin's first DISCUSS point. In addition to documenting the
>>>> privacy considerations, I think it's important for this document to be
>>>> crystal clear about who is meant to be doing the data collection -- namely,
>>>> the server operator. There are some statements in the document that
>>>> otherwise could be construed to be encouraging third-party passive
>>>> monitoring of DNS traffic without explaining why, which seems like a
>>>> problem:
>>>
>>> I think it may be worth exploring why that's a problem.
>>>
>>> I think a capture format should be oblivious to the circumstances of
>>> the capture;
>>
>> Ok. This document is not at all oblivious, though (see Section 3). I read
>> the document to be implicitly assuming the server operator to be doing (or
>> at least in control of) the data collection, which is why the two statements
>> I pointed out seemed so striking for their lack of declaring that
>> limitation. If the document was meant to be oblivious, it shouldn't make
>> normative (in the dictionary definition sense) claims about what is ideal,
>> optimal, or necessary.
>
> Hi Alissa,
>
> If we update the statements as below to clarify the context would that
> address your concern?
>
> Section 1:
>
> OLD:
> "There has long been a need to collect DNS queries and responses on
> authoritative and recursive name servers for monitoring and analysis."
>
> NEW:
> "There has long been a need for server operators to collect DNS queries and
> responses on authoritative and recursive name servers for monitoring and
> analysis."
>
> Section 3:
>
> OLD:
> "In an ideal world, it would be optimal to collect full packet
> captures of all packets going in or out of a name server."
>
> NEW:
> "From a purely server operator perspective, collecting full packet
> captures of all packets going in or out of a name server provides the
> most comprehensive picture of network activity."

Yes, thank you.

Alissa

> Sara.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop