DNS-Resolver-BCP-TF / Resolver-Recommendations

DNS Resolver Recommendations
Creative Commons Zero v1.0 Universal

Work on current practices #28

Open Farzaneh-Unicode opened 11 months ago

Farzaneh-Unicode commented 11 months ago

Add:

- ISO certification
- Human rights consideration
- Audit on privacy and security practices

Farzaneh-Unicode commented 11 months ago

Current practices:

1. ISO certification: some DNS resolvers use different ISO certification for their security and privacy functions. ISO 27701:2019; ISO 27001:2013 (ISO or similar certification to be included somewhere in the document - find where). Include the audit process here: Audit: Audit for public resolver commitments; Example: https://cf-assets.www.cloudflare.com/slt3lc6tev37/5xlHCvvNBrvrIoWbuk1vTy/e1058b0d366adf4e983aef99a6ed2a1f/Cloudflare_1.1.1.1_Public_Resolver_Report_-_03302020__2_.pdf
2. Linking to human rights principles: (quad9) Articles 8 and 9 of Resolution 42/15 of the United Nations Human Rights Council on the right to privacy in the digital age;
   - to inform users about the collection, use, sharing, and retention of their data;
   - to establish transparency and policies that allow for the informed consent of users;
   - to implement administrative, technical, and physical safeguards to ensure data is processed lawfully;
   - to ensure that such processing is necessary in relation to the purposes of the processing;
   - and to ensure the legitimacy of such purposes and the accuracy, integrity, and confidentiality of the processing;
   - to ensure that respect for human rights is incorporated into the design and operation of systems;
   - and to enable technical solutions to secure and protect the confidentiality of digital communications, including measures for encryption and anonymity.

   Link to: RFC8280: - just mention that some public resolvers commit to human rights

Farzaneh-Unicode commented 11 months ago

Anonymization:

- IP Flow Anonymization Support: RFC 6235 https://datatracker.ietf.org/doc/html/rfc6235
- TPR program by Mozilla: Limiting data, Transparency, Blocking and modification https://blog.mozilla.org/netpolicy/2019/12/09/trusted-recursive-resolvers-protecting-your-privacy-with-policy-technology/

moonshiner commented 11 months ago

@Farzaneh-Unicode can you link your Google Docs here and we can help put it into Markdown?

moonshiner commented 11 months ago

Create new section on governance practices

moonshiner commented 11 months ago

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

https://csrc.nist.gov/pubs/sp/800/122/final

moonshiner commented 11 months ago

At my employer, Legal has a process for storing and deleting PII and an attestation for external reviews. I should look into this.

moonshiner commented 11 months ago

Make a note on high-level discussion of possible issues that may arise with filtering - point to quad9/cf