Another note about builtin/inline encryption solutions: there is a trade-off between encryption + authentication/integrity as recommended by crypto design rules vs. performance and message sizes. Of course this will be addressed during the crypto design, so when/after we reach a consensus about what we need in DNS encryption (i.e., message size overhead SHOULD be small). BTW it (the overhead) will likely be bigger in the query than in the response so we should not get new amplification concerns.
Regards

francis.dup...@fdupont.fr