On Sun, Mar 8, 2015 at 6:45 PM, Phillip Hallam-Baker <[email protected]> wrote:
<snip>
>
> HTTPS privacy isn't the problem we are solving right now but DPRIV privacy
> isn't going to be worth very much if the information we are securing is then
> disclosed in the HTTP/HTTPS layer. So we have to solve DPRIV in a way that
> does not paint us into a corner when we try to solve the next puzzle.

But I don't see how using TLS 1.2 for a resolver to client connection
paints us into a corner when trying to solve SNI related leakage by
changes in TLS 1.3, in a way that using some other cryptographic
protocol doesn't. The information leaked by SNI when connecting to the
resolver is not the information looked up over that link.

Sincerely,
Watson Ladd

--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
