On 14/11/16 16:56, Jakob Bohm wrote: > If this is the only privacy mechanism in 6962bis, I would suggest that > everyone not employed by either Google or another mass-monitoring > service block its adoption on human rights grounds and on the basis of > being a mass-attack on network security.
I think you are overstating the in-practice benefits of attempting to keep your internal hostnames secret. As a wise person pointed out at CAB Forum, if I wanted to find out lots of hostnames on Microsoft's internal network, I would just run a network sniffer at the local Starbucks and look at what DNS requests were made. Also, wildcards are an additional mechanism by which you can keep the leftmost part of your hostname private, for subdomains. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy