In message <a6839264-7054-4a08-828b-66bfa6c94...@fugue.com>, Ted Lemon writes:
>
> On Feb 8, 2017, at 3:30 PM, Mark Andrews <ma...@isc.org> wrote:
> > And if the service has the same privacy issues as .onion has?
> >
> > So we leak names until every recursive server in the world is
> > validating (what % is that today?) and supports aggressive negative
> > caching (still an I-D).
>
> I feel like I am arguing with a wall, so if this doesn't work I will just
> give up.   But if it's okay for us to ask resolvers to make a change, it
> is okay for us to ask resolvers to make the right change.   And if they
> don't, yes, it's possible that some queries will leak.   There is nothing
> we can do to prevent that other than harden caching servers and stub
> resolvers; if we are going to do that, we might as well do it right, by
> caching the full proof of nonexistence, rather than lying about what's in the
> root zone.

Actually we can do something that doesn't require that validation
be enabled.  We don't have to create that linkage.  It's not like
the names are not supposed to exist.  They do/will exist and not
as in they are/will be squatted upon.

Oh sorry, you can't have privacy unless you validate.  And only
because people are too scared to ask for changes to the root
zone to add a delegation.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
