Deploy360 21 October 2014

DPRIVE – New IETF Working Group On DNS Privacy

By Dan York Senior Manager, Content and Web Strategy

How can we ensure the confidentiality of DNS queries to protect against pervasive monitoring? What kind of mechanisms can be developed to increase the privacy of an individual’s DNS transactions?

After holding a BOF session (DNSE) at an earlier IETF meeting, the IETF has now chartered a new Working Group called DPRIVE (DNS PRIVate Exchange) to dig into this matter. Part of the WG charter states:

The set of DNS requests that an individual makes can provide an
attacker with a large amount of information about that individual.
DPRIVE aims to deprive the attacker of this information. (The IETF
defines pervasive monitoring as an attack [RFC7258])

The primary focus of this Working Group is to develop mechanisms that
provide confidentiality between DNS Clients and Iterative Resolvers,
but it may also later consider mechanisms that provide confidentiality
between Iterative Resolvers and Authoritative Servers, or provide
end-to-end confidentiality of DNS transactions. Some of the results of
this working group may be experimental. The Working Group will also
develop an evaluation document to provide methods for measuring the
performance against pervasive monitoring; and how well the goal is met.
The Working Group will also develop a document providing example
assessments for common use cases.

The group has adopted its first document for consideration, Stephane Bortzmeyer’s “DNS privacy considerations”, draft-bortzmeyer-dnsop-dns-privacy, and discussion has already begun on the “dns-privacy” mailing list.  This list is open to anyone to join. You can subscribe at:

https://www.ietf.org/mailman/listinfo/dns-privacy

and the archives are available at:

http://www.ietf.org/mail-archive/web/dns-privacy/current/maillist.html

While this group does not directly relate to the work we do here at Deploy360 related to DNSSEC, it is part of the overall effort to increase the security of the DNS, and so I thought it would be of interest to our readers.

If you are interested in monitoring what is being discussed about DNS privacy, or contributing to those discussions, I would definitely encourage you to subscribe and join in the conversations and the work to make the Internet more secure!
