This is a discussion on Re: dns & confidentiality? - DNS ; > ... > > but it probably would mean "if you're not the initiator but you happen to > > be able to monitor the transaction in flight, you should not learn any > > names or data". this is ...
> > but it probably would mean "if you're not the initiator but you happen to
> > be able to monitor the transaction in flight, you should not learn any
> > names or data". this is the second tricky part after non-enumerability,
> > and seems to imply a full DH preauth between each initiator/responder
> > pair. yow!
> What this does is add privacy to the DNS transaction, as opposed to add
> confidentiality to the zone. (by which I mean here preventing nameservers
> themselves from publishing the zone in its entirety, which is what we want
> to achieve); this seems to me an orthogonal requirement (and not a
> requirement of ours, though I can see it might be something others might
> wish for).
i understood that this is not one of nominet's concerns. however, if we're
going to reconsider the basic design and threat model of dnssec for -TER,
then it's going to be necessary to survey the community to find out what else
really matters and to whom.
> Why is it orthogonal? ...
i agree that transaction secrecy is orthogonal to zone confidentiality, but
both are part of the general field of "things dnssec doesn't do" and i expect
that a proper field survey will turn up *both* as requirements for -TER.
> So I'm not sure the two should be linked; neither am I sure that
> transaction privacy isn't better addressed through (for instance) DNS
> over TLS (or for that matter IPSEC), which, as far as I can tell,
> would fully deal with this issue at the cost of a couple of sentences
> in a standard, but not touch on enumerability.
if privacy can be handled with tls or ipsec then so be it -- but for now, my
goal is to "get everybody's concerns out onto the table." for -TER, "opt-in"
might come back for another round of debate.
those of you arguing for NSEC2 might by now be realizing that you should "be
careful what you wish for." a reconsideration of the design goals and threat
model of dnssec could draw in features beyond non-enumerability of zone data.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.