Privacy Improvements for DNS Resolution with Confidential Computing
draft-arkko-dns-confidential-02

Document Type: Expired Internet-Draft (individual)
Expired & archived
Authors: Jari Arkko, Jiri Novotny
Last updated: 2022-01-03 (Latest revision 2021-07-02)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

Data leaks are a serious privacy problem for Internet users. Data in flight and at rest can be protected with traditional communications security and data encryption. Protecting data in use is more difficult. In addition, failure to protect data in use can lead to disclosing session or encryption keys needed for protecting data in flight or at rest. This document discusses the use of Confidential Computing to reduce the risk of leaks from data in use. Our example use case is in the context of DNS resolution services. The document looks at the operational implications of running services in a way that even the owner of the service or compute platform cannot access user-specific information produced by the resolution process.

Authors

Jari Arkko
Jiri Novotny

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)