On Tue, Apr 01, 2014 at 02:43:10PM -0700, Wes Hardaker <[email protected]> wrote a message of 23 lines which said:
> http://datatracker.ietf.org/doc/draft-hardaker-dnse-split-key-dns/

You mention the risk coming from the resolver. That's why, IMHO, we should recommend people to run a local resolver, as much as possible (I'm aware it may not always be possible, for instance for constrained devices). See section 2.2.1 of draft-bortzmeyer-dnsop-privacy-sol-00

This leaves us with the authoritative name servers learning the request. Caching protects a bit. For the rest, that's where qname minimisation or minimization comes into play. The authoritative name servers will still learn things but not as many things. See draft-bortzmeyer-dns-qname-minimisation

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
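An added example, not part of the original message or of either draft: a simplified model of what each authoritative zone's servers see from a local caching resolver, with and without qname minimisation. The zone cuts, host names, the `Resolver` class and the use of QTYPE NS for the minimised queries are assumptions of this model.

```python
# Simplified model, not a real resolver. All zones and names are constructed.
ZONE_CUTS = {"org.", "example.org."}  # constructed delegations below the root

class Resolver:
    """Records what each authoritative zone's servers see from one local resolver."""

    def __init__(self, minimise):
        self.minimise = minimise
        self.known = {"."}    # zones whose name servers are already cached
        self.answers = set()  # cached (qname, qtype) answers

    def resolve(self, qname, qtype="A"):
        """Return [(zone_queried, qname_sent, qtype_sent), ...] for this lookup."""
        if (qname, qtype) in self.answers:
            return []  # answered from cache: nothing leaves the resolver
        parts = qname.rstrip(".").split(".")
        suffixes = [".".join(parts[-d:]) + "." for d in range(1, len(parts) + 1)]
        zone, start = ".", 0
        for i, s in enumerate(suffixes):  # begin at the deepest cached zone
            if s in self.known:
                zone, start = s, i + 1
        seen = []
        for s in suffixes[start:]:
            if s == qname and s not in ZONE_CUTS:
                break  # no further zone cut: ask the current zone the real question
            if self.minimise:
                seen.append((zone, s, "NS"))       # only one label past the zone
            elif s in ZONE_CUTS:
                seen.append((zone, qname, qtype))  # full question, referral comes back
            if s in ZONE_CUTS:
                self.known.add(s)
                zone = s
        seen.append((zone, qname, qtype))  # the final server always sees the full name
        self.answers.add((qname, qtype))
        return seen

def names_seen_by(zone, seen):
    """QNAMEs that the servers of `zone` observed in one lookup."""
    return [q for z, q, _ in seen if z == zone]

if __name__ == "__main__":
    for minimise in (False, True):
        r = Resolver(minimise)
        for name in ("www.example.org.", "mail.example.org.", "www.example.org."):
            print("minimise" if minimise else "full", name, r.resolve(name))
```

In this model the root and `org.` servers see the full name only when minimisation is off, and once the delegations are cached they see nothing for later names under `example.org.` in either mode.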
