DNS PRIVate Exchange

The information below is for an older proposed charter
Document Proposed charter DNS PRIVate Exchange WG (dprive) Snapshot
Title DNS PRIVate Exchange
Last updated 2014-09-23
State Start Chartering/Rechartering (Internal Steering Group/IAB Review) Rechartering
WG State Proposed
IESG Responsible AD Éric Vyncke
Charter Edit AD Brian Haberman
Send notices to warren@kumari.net, tjw.ietf@gmail.com


The DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms to
provide confidentiality to DNS transactions, to address concerns surrounding
pervasive monitoring (RFC 7258).

The set of DNS requests that an individual makes can provide an attacker with a
large amount of information about that individual. DPRIVE aims to deprive the
attacker of this information. (The IETF defines pervasive monitoring as an
attack [RFC7258].)

The primary focus of this Working Group will be to develop mechanisms that
provide confidentiality between DNS Clients and Iterative Resolvers, but it may
also later consider mechanisms that provide confidentiality between Iterative
Resolvers and Authoritative Servers, or provide end-to-end confidentiality of
DNS transactions.

DPRIVE is chartered to work on mechanisms that add confidentiality to the DNS.
While it may be tempting to solve other DNS issues while adding
confidentiality, DPRIVE is not the working group to do this.  DPRIVE will not
work on any integrity-only mechanisms.

Examples of the sorts of risks that DPRIVE will address can be found in
[draft-bortzmeyer-dnsop-dns-privacy], and include both sniffing traffic on the
wire and more active attacks, such as MITM attacks.

Some of the main design goals (in no particular order) are:

- Provide confidentiality to DNS transactions.

- Maintain backwards compatibility with legacy DNS implementations.

- Focus on developing deployable solutions.

- Require minimal application-level changes.

- Require minimal additional configuration or effort from applications or users.

Starting milestones:

Dec 2014: WG LC on a problem statement document (starting point:
[draft-bortzmeyer-dnsop-dns-privacy])

Jan 2015: WG selects one or more primary protocol directions

May 2015: WG LC on primary protocol directions