Stephane Bortzmeyer wrote:
> On Mon, Nov 11, 2013 at 02:16:44PM +,
> Tony Finch wrote
> a message of 15 lines which said:
>
> > > draft-bortzmeyer-perpass-dns-privacy
> ...
> > Another thing to mention is the risk due to third-party secondary
> > authoritative servers.
>
> While it was not
Mark Andrews wrote:
> Paul Wouters wrote:
>
> > and it fails when CNAME/DNAME is involved, as you also point out.
>
> It doesn't fail when a CNAME or a DNAME is involved. The data is
> useful to validate the CNAME/DNAME and you just initiate more
> queries to validate the target of the CNAME/DNAM
On 13 Nov 2013, at 10:17, Tony Finch wrote:
> But not all these servers are run by the organizations that superficially
> might appear to run them.
That's a non-sequitur. Whenever someone outsources (part of) their DNS service,
this usually involves a contract and certain service level commitm
On Wed, Nov 13, 2013 at 10:17:05AM +,
Tony Finch wrote
a message of 34 lines which said:
> But not all these servers are run by the organizations that
> superficially might appear to run them. For instance, queries for
> names in .fr can be sent to the ISC or SIDN or Netnod as well as
> ni
On Wed, Nov 13, 2013 at 10:32:27AM +,
Jim Reid wrote
a message of 16 lines which said:
> Whenever someone outsources (part of) their DNS service, this
> usually involves a contract
Contracts do not solve everything: let's assume the manager of the
ccTLD .cp outsources one name server to
On 13 Nov 2013, at 10:43, Stephane Bortzmeyer wrote:
> Contracts do not solve everything: let's assume the manager of the
> ccTLD .cp outsources one name server to a company in the USA. The
> contract clearly states that the contractor MUST NOT send collected
> DNS traffic data to anyone but the
Jim Reid wrote:
>
> I'm struggling to see why anyone could have that sort of expectation these
> days.
I think this is the "hope / demand" meaning of expect rather than the
"anticipate" meaning. Like when you tell a child that you expect them to
behave well even when you anticipate they will not
Paul Wouters wrote:
>
> Yes you can ask for the NS records, and the NS records that are in
> a completely different zone, at the expense of launching new queries,
> adding round trips.
You can get all the info in two round trips at most. First round trip: ask
for NS records at all the potential z
On Nov 13, 2013, at 5:36, Stephane Bortzmeyer wrote:
>
> Note: .us is entirely hosted in the US.
No longer true.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
You can leave a voice message at +1-571-434-5468
Wh
I think the document should also include the risk of cache inspection. An
eavesdropper with access to the same recursive cache as the victim can examine
the cache to get a picture of the DNS queries the victim(s) performed and when
based on the TTL of cached RRsets. While the attacker can't say
On Nov 13, 2013, at 6:30 AM, Jim Reid wrote:
> On 13 Nov 2013, at 10:43, Stephane Bortzmeyer wrote:
>
>> Contracts do not solve everything: let's assume the manager of the
>> ccTLD .cp outsources one name server to a company in the USA. The
>> contract clearly states that the contractor MUST N
On 13 nov 2013, at 16:04, Suzanne Woolf wrote:
> I'm nervous of any assumption that any jurisdiction won't compromise its Data
> Protection regime under some conditions. I'd simply assume such contracts
> can't be reliably kept inside the US or outside, unless I'm sure that the
> data doesn't
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : Automating DNSSEC delegation trust maintenance
Author(s) : Warren Kumari
On 13 nov 2013, at 16:04, Suzanne Woolf wrote:
> IOW-- I know as a USan I can be expected to say this, but other agencies
> besides the USG spy,
Indeed.
> and yes, even in places with stronger Data Protection if only because other
> jurisdictions tend to have "national security" carve-outs in
On Wed, Nov 13, 2013 at 11:30:29AM +,
Jim Reid wrote
a message of 43 lines which said:
> I'm struggling to see why anyone could have that sort of expectation
> these days. The vast majority won't even be aware DNS is involved in
> their use of the interwebs at all. [Or what google, faceboo
On Wed, Nov 13, 2013 at 02:36:13PM +,
Rose, Scott wrote
a message of 34 lines which said:
> I think the document should also include the risk of cache
> inspection.
I hesitate. For me, given the amount of privacy violations by the NSA
(and maybe by smaller and less-funded other agencie