Well said, Christian. I would like to err on the side of "many smaller", based on the comments by Bruce Schneier; we were safer in the days when there were 10 000 email providers.
I feel that this, combined with DNS over TLS and QNAME minimisation, and the padding, is a significant step forward, and I applaud the community and WG for their efforts. Now we need the customers to convince their ISP that these matters are important, and then we get the 10 000 (or whatever) privacy-secured DNS servers. I will be starting with my infrastructure and then pressuring my ISP. We do still need the recursive-to-auth encryption ...

/Hugo

________________________________________
From: Christian Huitema [huit...@huitema.net]
Sent: Friday, 3 June 2016 19:26
To: 'Paul Wouters'; Hugo Maxwell Connery
Cc: dns-privacy@ietf.org
Subject: RE: [dns-privacy] Deployment issues

On Thursday, June 2, 2016 3:50 PM, Paul Wouters wrote:
>
> On Thu, 2 Jun 2016, Hugo Maxwell Connery wrote:
>
> > so, let's get 8.8.8.8 running TLS DNS as a push.
> >
> > Hang on, they are a surveillance/advertising business! No problem, it
> > is just they who can surveil.
>
> It still makes sense to reduce the number of people that can read your DNS
> requests, just like it makes sense to use https to google.com.

Yes. And we have an interesting issue with the size of the service. In theory, anybody could set up a recursive resolver somewhere on the Internet, and provide privacy services using RFC 7858. For example, I could set up something like "private-resolver.huitema.net" on a server that I control. The traffic to that resolver would be duly encrypted. I may even implement countermeasures in the server to make it hard to guess the actual queries relayed by the resolver. And then, I could program my laptop to always use that resolver.

But then, in the name of privacy, I would have just built the opposite: a tracking beacon. There is exactly one user for "private-resolver.huitema.net." Tracking traffic there provides a pretty good indication of the movements of my laptop. Even if the service had a few hundred or a few thousand customers instead of just one, we would still have a traffic effect. Tracking that access narrows the search to these few thousand customers. That's a pretty good identifier.

So here we are, with one leg of the dilemma: using small servers for RFC 7858 allows tracking of the users.

Now, if we have big servers, we do not have the same issue. If 15% of the Internet uses 8.8.8.8, tracking that narrows the search space to something like 150 million users. Not a very big deal. But then, we have the other leg of the dilemma. Even if the provider of 8.8.8.8 is trying to not be evil, they are big, and thus they are a fat big target. They have to abide by every censorship and tracking requirement in the country in which they do business. They can receive secret letters from the security services compelling them to do some evil stuff. They can be the target of hacks by state-sponsored "cyber warriors." They could even at some point get pressured to show revenues for the service, and start engaging in data mining.

So, yes, we do have a problem. Either small and cuddly and easy to track. Or big and robust and a target for hacks and threats. That's better than nothing in the short term, but we should not stop there.

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy