On Thu, Nov 28, 2013 at 11:10:39AM -0500, Paul Wouters <p...@nohats.ca> wrote a message of 58 lines which said:
> Additionally, encrypting to authoritative servers seems to not make > _that_ much sense to me. Remember, when I need to know > www.nohats.ca, I already tell the .ca nameserver the entire QNAME > before I get the referral. It seems to me, not an argument against encryption, but an argument against relying on encryption alone. When facing pervasive monitoring, there is little chance we'll find _one_ solution that will solve everything. We need a set of solutions. To address the problem you mention, the solution is QNAME minimization, described in draft-bortzmeyer-dnsop-dns-privacy. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
