-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
I also heard that this is the place to discuss DNS privacy. This draft is a protocol, and represents an (interesting) point in the solution space. I would refer to Borzmeyer's draft and Koch's draft for problem space analysis. http://tools.ietf.org/html/draft-wijngaards-dnsop-confidentialdns-00 It supports opportunistic encryption, i.e. try to encrypt but fallback to insecure. This supports deployment immensely, because clean DNS paths are uncommon. It supports stateless operation. It uses UDP. It supports encryption for stub-to-cache and cache-to-authority. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSl0RiAAoJEJ9vHC1+BF+NbOcP/03f76fPIp8rkKtjYdjTHbZ7 qoMFVsIbZ6GqoB77U2w2dtVEirfqLkcBQ5gE1LzLGL/AS4aKVBg7GLAY/qv1o+BM YIvoecRd+P+/mzZZtROJbpe3Pp3ktsL9+A4SaChpWBWPR7qCUKGh2R0YWq6hHj0h btIOFROGnt/QH0Pho7/0N9UfNBVlc6By8BSwON2kiR9bD+oyCDGxJQ85N03p8FJo kVIZM6PtsUHQxhX4rhQec5t/LBu1oXVq5tdVSzjiIYZAcUI9lLfv7f7o1QccAIUF YZ/u1OvIp3l6iKNK3eLrimXRu7dFR09aqUcbYD0LNci6g4AY0awPYk2TE5OtQ1Ll SHpil/QzKA0V4QPANfZNBV/wL5SitnQuS6fLYkKnsjSED8AUINNLqYttSo+wPEMs ReCPI51pyuvL0E/ZkfiKRsfb8qiuFh1OkCLFgJZMVzecLcOvrVfxxf4SNe8Z8i7F IzSNikgqSzIK/hQSEMVjk9O+f97/muQw0fCiqGbIS9hUntEwJ90/Ji20dxlz2aj7 V7nuC4wz53VWHtIYhiDMP2P9Twbh40TmdIf9yWFZzkayryBVwH5gTuU1ZqL2sVc6 qMolnaKQdTFnM4jAMzfYBuHyUzFTRqG1u9IXLskmBl0tDAOH0cRV4bD6oH8BZd+X v//pHQiVWuyMbndChPrm =PdRr -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
