On Feb 7, 2018, at 9:22 AM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> The intention of this specification is to enable stateful information
> (connection parameters and DNS data) directly related to the DSO
> Session to be transmitted. This creates trackable state and prevents
> queries from coming from successive privacy addresses, as could be the
> case with regular DNS queries, for a privacy-conscious client. Before
> using DSO (or any kind of long-lived DNS sessions), this consequence
> should be taken into account. The risk is partially mitigated by using
> encryption (which protects against sniffing by a third-party, but not
> against logging by the server.)
>
> The design of new TLV must also avoid adding any information that
> could make this tracking easier.

Thanks for this text. I am pretty happy with it; the only thing I'd be tempted to change would be the last sentence, which I would state this way instead:

    When designing new TLVs, the potential for the TLV to be used as a
    tracking identifier should be taken into consideration, and should
    be avoided when not required.

I say this because in some cases it's perfectly fine to know who you're talking to; e.g. in draft-sctl-dnssd-mdns-relay-02, I specified the use of TLS client authentication, because hybrid relays are network infrastructure. Although this is happening at the TLS layer and not the session signaling layer, it's effectively the same thing.

Your other comments all make sense to me -- thanks for the thorough review and particularly for suggesting text and not just saying "you should change this text." :)

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop