Dprive Status Pages

DNS PRIVate Exchange (Active WG)
Int Area: Éric Vyncke, Erik Kline | 2014-Oct-17 —  

2020-03-26 charter

DNS PRIVate Exchange (dprive)


 Current Status: Active

 Chairs:
     Brian Haberman <brian@innovationslab.net>
     Tim Wicinski <tjw.ietf@gmail.com>

 Internet Area Directors:
     Erik Kline <ek.ietf@gmail.com>
     Éric Vyncke <evyncke@cisco.com>

 Internet Area Advisor:
     Éric Vyncke <evyncke@cisco.com>

 Mailing Lists:
     General Discussion: dns-privacy@ietf.org
     To Subscribe:       https://www.ietf.org/mailman/listinfo/dns-privacy
     Archive:            https://mailarchive.ietf.org/arch/browse/dns-privacy/

Description of Working Group:

  The DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms
  to provide confidentiality to DNS transactions in order to address
  concerns surrounding pervasive monitoring (RFC 7258).

  The set of DNS requests that an individual makes can provide an
  attacker with a large amount of information about that individual.
  DPRIVE aims to deprive the attacker of this information (The IETF
  defines pervasive monitoring as an attack [RFC7258]).

  The initial focus of this Working Group was the development of
  mechanisms that provide confidentiality and authentication between
  DNS Clients and Iterative Resolvers (published as RFCs 7858 and
  8094). With proposed standard solutions for the client-to-iterative
  resolvers published, the working group turns its attention to the
  development of documents focused on: 1) providing confidentiality
  to DNS transactions between Iterative Resolvers and Authoritative
  Servers, 2) measuring the efficacy in preserving privacy in the
  face of pervasive monitoring attacks, and 3) defining operational,
  policy, and security considerations for DNS operators offering
  DNS privacy services. Some of the results of this working group
  may be experimental. There are numerous aspects that differ between
  DNS exchanges with an iterative resolver and exchanges involving
  DNS root/authoritative servers. The working group will work with
  DNS operators and developers (via the DNSOP WG) to ensure that
  proposed solutions address key requirements.

  DPRIVE is chartered to work on mechanisms that add confidentiality
  to the DNS. While it may be tempting to solve other DNS issues while
  adding confidentiality, DPRIVE is not the working group to do this.
  DPRIVE will not work on any integrity-only mechanisms. Examples
  of the sorts of risks that DPRIVE will address can be found in [RFC
  7626], and include both passive wiretapping and more active attacks,
  such as MITM attacks. DPRIVE will address risks to end-users' privacy
  (for example, which websites an end user is accessing).

  DPRIVE Work Items:

  - Develop requirements for adding confidentiality to DNS exchanges
  between recursive resolvers and authoritative servers (unpublished

  - Investigate potential solutions for adding confidentiality to DNS
  exchanges involving authoritative servers (Experimental).

  - Define, collect and publish performance data measuring effectiveness
  of DPRIVE-published technologies against pervasive monitoring

  - Document Best Current Practices for operating DNS Privacy services.

Goals and Milestones:
  Mar 2020 - Submit draft on operating DNS privacy services for publication (BCP)
  Aug 2020 - Submit draft on DNS privacy exchanges involving authoritative servers (Exp)
  Mar 2021 - Submit draft on DNS privacy performance metrics and actual measurements (Info)
  Done     - Unpublished document on requirements for DNS privacy services between recursive and authoritative servers (Wiki)
