On 03/05/2014 01:27 PM, Francis Dupont wrote:
>
> Personally I don't like the idea of DNS encryption but because I
> don't want to give a reason to ISPs to filter port 53.
>

This is something I worry about too. If we consider the resolver itself out of scope, and only protect the wire, all the more reasons for ISPs to try and force you to use theirs (perhaps even after some friendly coercion from the nearest three-letter agency (four in the Netherlands as well)).

In which case we'd need even better channel encryption, to the point where you can't tell it's DNS, so it can be tunneled out of the network (and that is an avenue only reserved for us geeks, I wager).

Jelte

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop