On 1 Apr 2014, at 17:43, Wes Hardaker <[email protected]> wrote: > The problem with other solutions is that you (a DNS user) must trust > someone not to have been hacked or to sell you out. > > This solution is a super-hack, but shows the type of architecture needed > to ensure that no entity but you knows both: > > - who made the request > - what the request (and response) contains > > Anyone that knows both is a potential point of compromise.
That was the basis of our onion-smelling proposal, too: http://tools.ietf.org/html/draft-jabley-dnsop-dns-onion-00 This document describes an approach which separates the data in DNS queries and responses from the identity of the DNS resolver used by DNS clients. [...] This is an incomplete proposal. It has been distributed in its current form for the purposes of discussion, such that the high-level approach can be considered amongst other options in the general consideration of DNS privacy. The authors have called out particular gaps in this document. The authors are confident that there are many other gaps that have not been mentioned. The absence of a description of a gap in this document does not imply there is no gap. Contents may have settled in transit. Your statutory rights are not affected. The origins of this document lie in a beer-soaked afternoon conversation in the lobby bar of the Hilton Metropole, London, UK. Should this document play any future part in preserving human life or dignity, the authors recommend the installation of a small but elegant brass plaque, the text embossed upon which should naturally be encrypted. Joe _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
