Hi,
I also heard that this is the place to discuss DNS privacy.
This draft is a protocol, and represents an (interesting) point in the
solution space. I would refer to Bortzmeyer's draft and Koch's draft
for problem space analysis.
http://tools.ietf
Though bringing privacy protection to the DNS query and response, this method
may bring many other negative impacts on the DNS system. The DNS resolution latency
will be increased due to fetching so-called ENCRYPT RR which makes the DNS zone
file bigger. Not only the DNS server but also the DNS cli
Resolution latency is only affected initially when the resolver must fetch the
confkey record, after that initial fetch (until TTL expires) there are no
additional packets introduced into the query/response exchange.
Zone file size is not an issue - adding a single key record to support
confide
On Thu, 28 Nov 2013, W.C.A. Wijngaards wrote:
I also heard that this is the place to discuss DNS privacy.
This is a generic problem people keep mentioning. We need some new WG
for DNS extensions that's not operations. I was told this was going to
be discussed at dnsops at ietf88, but it did n
On Nov 28, 2013, at 11:10 AM, Paul Wouters wrote:
> On Thu, 28 Nov 2013, W.C.A. Wijngaards wrote:
>
>> I also heard that this is the place to discuss DNS privacy.
>
> This is a generic problem people keep mentioning. We need some new WG
> for DNS extensions that's not operations. I was told thi
On Thu, 28 Nov 2013, Glen Wiley wrote:
Asking the LAN's resolver for a specific record (type ENCRYPT to QNAME
".") seems a bit dangerous. This is of course completely MITM-able, but
I see no real other way to trust something fundamentally untrustworthy. So
that's okay. But I fear too many of t