<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Nov 1, 2014 at 4:15 PM, Paul Vixie <span dir="ltr"><<a href="mailto:paul@redbarn.org" target="_blank">paul@redbarn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><blockquote style="border:0px none" type="cite"><div style="margin:30px 25px 10px 25px"><div style="display:table;width:100%;border-top:1px solid #edeef0;padding-top:5px"><div style="display:table-cell;vertical-align:middle;padding-right:6px"><img src="cid:part1.07060103.01040409@redbarn.org" name="1496cfff34425ae9_compose-unknown-contact.jpg" width="25px" height="25px"></div> <div style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a href="mailto:phill@hallambaker.com" style="color:#737f92!important;padding-right:6px;font-weight:bold;text-decoration:none!important" target="_blank">Phillip Hallam-Baker</a></div> <div style="display:table-cell;white-space:nowrap;vertical-align:middle">
<font color="#9FA2A5"><span style="padding-left:6px">Saturday,
November 01, 2014 1:08 PM</span></font></div></div></div>
<div style="color:rgb(136,136,136);margin-left:24px;margin-right:24px"><div dir="ltr"><br><div class="gmail_extra">...</div><span class=""><div class="gmail_extra"><br></div><div class="gmail_extra">One of the concerns I have about approaches to
DPRIVE is that they tend to start from the DNS specification and add
security to that model rather than look at real world implementations. </div><div class="gmail_extra"><br></div></span><div class="gmail_extra">...</div></div></div>
</blockquote>
<br>
i've briefly advised the dns-privacy@ group to avoid opacity as a goal.
dns's control and data planes are intermixed, and any attempt to reduce
the forwarding/recursion/caching layer to zero knowledge will be an even
larger task than creating DNS in the first place and then tuning and
tweaking it for the last ~25 years. we'll see what happens.</div></blockquote><div><br></div><div>One of the most common failure modes in security designs is the mistaken belief that there is only one security concern. </div><div><br></div><div>The thing is that almost every security problem is quite easily solved if that is the only problem that is recognized. Hence my concern about a charter that only talks about one problem. </div><div><br></div><div>The NSA is the cause du jour. But they are only one intelligence agency and surveillance is only one of the potential harms people face on the net. Russian hacker gangs trying to steal people's money or encrypt their data and hold the keys for ransom are rather more commonly exercised threats.</div><div><br></div><div>Curated DNS is potentially a tool that can be used to provide protection. But as with any sort of anti-virus there is a privacy consequence and the introduction of a trusted third party with potentially serious intrusive capabilities.</div></div></div></div>