[getdns-users] privacy work on getdns at the IETF 94 Hackathon

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Nov 1 15:41:41 UTC 2015


On Sun 2015-11-01 16:49:43 +0900, David C Lawrence wrote:
> Daniel Kahn Gillmor writes:
>>  client_subnet_private:
>>      
>>        https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04
>
> Thanks for doing this!  I'm very happy to see library support for this
> added.  My only question would be whether you could make it so people
> could specify exactly how much they're willing to reveal, rather than
> complete anonymity.

Thanks for the prompt review, David!

I was concerned about producing an API that would be more complicated
than developers would know how to use reliably -- let alone exposing
this choice to regular users directly.

It seems to me that we don't have a lot of data about what the risks are
for revealing only a portion of your IP address to a server.  I suspect
it depends on the distribution of e-mail addresses querying some
particular name, since that would affect how large the anonymity set is.

If we wanted an even more complete API, we could also allow users to
make a claim about what IP address to put in the ADDRESS field of the
RDATA.  (and if we don't let the user set that, then the library itself
has to fill in the ADDRESS field with something -- where should it get
that information from?  If the getdns client is behind a NAT, should it
publish its own internal address?)

So i opted for the simple and more-clearly understood privacy approach
(ask DNS recursors to behave like blinded resolvers), rather than these
more nuanced parameters.  If you want to make an argument about what
kind of configuration choices should be made for a more nuanced API, i'm
happy to hear it, but please keep in mind that simpler is better in
general!

all the best,

    --dkg
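
For reference, the wire encoding behind the two options discussed in this message (a zero SOURCE PREFIX-LENGTH versus a caller-chosen one), as an added example that is not part of the original post and is not getdns code. The function names and the sample address are constructed for illustration; the field layout follows the edns-client-subnet draft linked above, and the FAMILY value sent with a zero-length prefix is an assumption taken from the sample address.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to edns-client-subnet


def encode_ecs(address: str, source_prefix_len: int) -> bytes:
    """Build one EDNS0 client-subnet option (code, length, data).

    Only the first source_prefix_len bits of the address are sent; the
    rest are zeroed and the ADDRESS field is truncated to whole octets.
    """
    ip = ipaddress.ip_address(address)
    family = 1 if ip.version == 4 else 2      # IANA address family numbers
    if not 0 <= source_prefix_len <= ip.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    # Mask off the host bits so nothing beyond the prefix leaks.
    net = ipaddress.ip_network(f"{ip}/{source_prefix_len}", strict=False)
    n_octets = (source_prefix_len + 7) // 8
    addr_bytes = net.network_address.packed[:n_octets]
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries), ADDRESS
    data = struct.pack("!HBB", family, source_prefix_len, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option: bytes) -> dict:
    """Parse an option built above and report what a server would learn."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4 or length < 4:
        raise ValueError("not a well-formed client-subnet option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    addr = option[8:]
    if len(addr) != (source + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    size = 4 if family == 1 else 16
    revealed = ipaddress.ip_address(addr.ljust(size, b"\x00"))
    return {"family": family, "source_prefix_len": source,
            "scope_prefix_len": scope, "revealed": f"{revealed}/{source}"}


if __name__ == "__main__":
    client = "198.51.100.77"                  # constructed documentation address
    for prefix in (0, 24, 32):                # opt-out, partial, full disclosure
        opt = encode_ecs(client, prefix)
        print(prefix, opt.hex(), decode_ecs(opt)["revealed"])
```

With a prefix length of 0 the ADDRESS field is empty, so the option carries no part of the client address at all.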


