Of interest to this WG, because some of the items that were previously
discussed for DNSOP are now in the new WG.
--Paul Hoffman
Begin forwarded message:
> From: The IESG
> Subject: WG Action: Formed DNS PRIVate Exchange (dprive)
> Date: October 17, 2014 at 8:29:04 AM PDT
> To: IETF-Announce
> Cc: dprive WG
> Reply-To: i...@ietf.org
>
> A new IETF working group has been formed in the Internet Area. For
> additional information please contact the Area Directors or the WG
> Chairs.
>
> DNS PRIVate Exchange (dprive)
>
> Current Status: Proposed WG
>
> Chairs:
> Tim Wicinski
> Warren Kumari
>
> Assigned Area Director:
> Brian Haberman
>
> Mailing list
> Address: dns-priv...@ietf.org
> To Subscribe: https://www.ietf.org/mailman/listinfo/dns-privacy
> Archive: http://www.ietf.org/mail-archive/web/dns-privacy/
>
> Charter:
>
> The DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms to
> provide confidentiality to DNS transactions, to address concerns
> surrounding pervasive monitoring (RFC 7258).
>
>
> The set of DNS requests that an individual makes can provide an
> attacker with a large amount of information about that individual.
> DPRIVE aims to deprive the attacker of this information. (The IETF
> defines pervasive monitoring as an attack [RFC7258])
>
>
> The primary focus of this Working Group is to develop mechanisms that
> provide confidentiality between DNS Clients and Iterative Resolvers,
> but it may also later consider mechanisms that provide confidentiality
> between Iterative Resolvers and Authoritative Servers, or provide
> end-to-end confidentiality of DNS transactions. Some of the results of
> this working group may be experimental. The Working Group will also
> develop an evaluation document to provide methods for measuring the
> performance against pervasive monitoring; and how well the goal is met.
> The Working Group will also develop a document providing example
> assessments for common use cases.
>
>
> DPRIVE is chartered to work on mechanisms that add confidentiality to
> the DNS. While it may be tempting to solve other DNS issues while
> adding confidentiality, DPRIVE is not the working group to do this.
> DPRIVE will not work on any integrity-only mechanisms.
>
>
> Examples of the sorts of risks that DPRIVE will address can be found
> in [draft-bortzmeyer-dnsop-dns-privacy], and include both passive
> wiretapping and more active attacks, such as MITM attacks. DPRIVE will
> address risks to end-users' privacy (for example, which websites an
> end user is accessing).
>
>
>
> Some of the main design goals (in no particular order) are:
>
>
> - Provide confidentiality to DNS transactions (for the querier).
>
>
> - Maintain backwards compatibility with legacy DNS implementations.
>
>
> - Require minimal application-level changes.
>
>
> - Require minimal additional configuration or effort from applications or
> users
>
> Milestones:
> Dec 2014 - WG LC on an problem statement document
> Mar 2015 - WG selects one or more primary protocol directions
> Jul 2015 - WG LC on primary protocol directions
>
>
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
