* Stephane Bortzmeyer:

> I just posted a new version of the DNS privacy draft,
> draft-bortzmeyer-dnsop-dns-privacy-01. The most important difference
> is that it is now split in two, one pure problem statement,
> draft-bortzmeyer-dnsop-dns-privacy and an exploration of possible
> solutions, draft-bortzmeyer-dnsop-privacy-sol. The first one seems to
> me (and to the AD) well adapted to dnsop. The second one mixes
> solutions that may be in the realm of dnsop (such as qname
> minimization) and solutions that would require a new WG (such as
> encryption of DNS traffic).

The -sol draft mentions QNAME minimization without defining the term. Is this about sending only as many labels as required to obtain a delegation from an authoritative server?

There is another privacy-enhancing approach that is not mentioned in the draft: defensive delegations. For example, with current resolver behavior, the lack of a delegation for 1.E164.ARPA means that queries under that tree are sent to the E164.ARPA servers, which are scattered around the globe. With a delegation, the delegation would be cached and queries could be kept locally in the region.
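
Added example, not part of the original message: a toy caching-resolver model showing which zone's servers see which query names, with and without a delegation for 1.E164.ARPA, and with QNAME minimization read as the message asks (sending only as many labels as needed to obtain a delegation). The zone sets, query names and function names are constructed for illustration, and no DNS traffic is sent.

```python
# Toy model: zone sets, query names and helpers are constructed for illustration.
QUERIES = ["4.3.2.1.e164.arpa", "9.8.7.1.e164.arpa"]
ZONES_PLAIN = {"arpa", "e164.arpa"}                 # no delegation for 1.e164.arpa
ZONES_DEFENSIVE = ZONES_PLAIN | {"1.e164.arpa"}     # defensive delegation added

def suffixes(name):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c'], longest first."""
    parts = name.lower().rstrip(".").split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]

def depth(zone):
    return 0 if zone == "." else zone.count(".") + 1

def trace(queries, zones, minimise=False):
    """Return {zone: [names sent to that zone's servers]} for one caching resolver."""
    cache, seen = {"."}, {}
    for qname in queries:
        path = suffixes(qname)
        zone = next((s for s in path if s in cache), ".")  # closest cached zone cut
        while zone is not None:
            # Classic behaviour sends the full name; minimised adds one label at a time.
            names = [s for s in reversed(path) if depth(s) > depth(zone)]
            if not minimise:
                names = names[-1:]
            referral = None
            for sent in names:
                seen.setdefault(zone, []).append(sent)
                # The server answers with a referral if a child zone cut covers `sent`.
                referral = next((s for s in reversed(suffixes(sent))
                                 if s in zones and depth(s) > depth(zone)), None)
                if referral:
                    cache.add(referral)   # delegation is cached for later queries
                    break
            zone = referral
    return seen

if __name__ == "__main__":
    for label, zones in (("plain", ZONES_PLAIN), ("defensive", ZONES_DEFENSIVE)):
        for minimise in (False, True):
            print(label, "minimised" if minimise else "full", trace(QUERIES, zones, minimise))
```

In this model the E164.ARPA servers receive both full names when there is no delegation, and only the first query once the 1.E164.ARPA delegation is cached.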