IETF-93 Proceedings

Introduction  |  Area, Working Goup & BoF Reports  |  Plenaries  |  Training  |  Internet Research Task Force

DNS PRIVate Exchange (dprive) (WG)

Minutes   |   Jabber Logs  |   Mailing List Archives

Additional information is available at tools.ietf.org/wg/dprive

Chair(s): Tim Wicinski Warren Kumari Internet Area Area Director(s): Brian Haberman Terry Manderson Assigned Area Director Terry Manderson

Recordings:

• Audio recording for 2015-07-24 09:00

Meeting Slides:

• Agenda and Chairs
• Start TLS
• DNS over DTLS
• draft-am-dprive-eval
• DPRIVE IPSEC
• EDNS0 padding

Blue Sheets:

• bluesheets-93-dprive-01.pdf

Internet-Drafts:

• DNS over DTLS (DNSoD) (27920 bytes)
• DNS over TLS: Initiation and Performance Considerations (38474 bytes)

Request for Comments:

• DNS Privacy Considerations (RFC 7626) (43202 bytes)

Charter (as of 2014-10-17):

The DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms to
provide confidentiality to DNS transactions, to address concerns
surrounding pervasive monitoring (RFC 7258).


The set of DNS requests that an individual makes can provide an
attacker with a large amount of information about that individual.
DPRIVE aims to deprive the attacker of this information. (The IETF
defines pervasive monitoring as an attack [RFC7258])


The primary focus of this Working Group is to develop mechanisms that
provide confidentiality between DNS Clients and Iterative Resolvers,
but it may also later consider mechanisms that provide confidentiality
between Iterative Resolvers and Authoritative Servers, or provide
end-to-end confidentiality of DNS transactions. Some of the results of
this working group may be experimental. The Working Group will also
develop an evaluation document to provide methods for measuring the
performance against pervasive monitoring; and how well the goal is met.
The Working Group will also develop a document providing example
assessments for common use cases.


DPRIVE is chartered to work on mechanisms that add confidentiality to
the DNS. While it may be tempting to solve other DNS issues while
adding confidentiality, DPRIVE is not the working group to do this.
DPRIVE will not work on any integrity-only mechanisms.


Examples of the sorts of risks that DPRIVE will address can be found
in [draft-bortzmeyer-dnsop-dns-privacy], and include both passive
wiretapping and more active attacks, such as MITM attacks. DPRIVE will
address risks to end-users' privacy (for example, which websites an
end user is accessing).



Some of the main design goals (in no particular order) are:


- Provide confidentiality to DNS transactions (for the querier).


- Maintain backwards compatibility with legacy DNS implementations.


- Require minimal application-level changes.


- Require minimal additional configuration or effort from applications or users

Home - Tools Team - Datatracker - Web Site Usage Statistics - IASA - IAB - RFC Editor - IANA - IRTF - IETF Trust - ISOC - Store - Contact Us
Secretariat services provided by Association Management Solutions, LLC (AMS).
Please send problem reports to: ietf-action@ietf.org.