Stephane,

At 2016-04-29 15:57:27 +0200
Stephane Bortzmeyer <bortzmeyer+i...@nic.fr> wrote:

> No objection from the AS112 operators was received. Now, what do you
> think of this draft? Should we continue or is it a bad idea (or a good
> one, but hopeless?)

I think I said this in person but I don't know if I ever wrote it down.

I think that there may be some decreased privacy since queries for these zones are going to be sent to basically anonymous servers instead of root servers. Certainly for something like .ONION this is less desirable.

OTOH, anyone using such a zone faces operator error causing such leaks in any case. Indeed having these queries show up at the root is also the result of DNS administrator misconfiguration. Also, any attacker interested in looking at such queries has alternate ways of seeing such traffic even today (via BGP tricks at least). The actual extra leakage is minimal.

If the proposal does go forward (I really have no feeling whether it is useful or not), then perhaps this can be mentioned in the "Possible issues" section?

Cheers,

--
Shane
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop