> -----Original Message----- > From: Paul Wouters <[email protected]> > Sent: Friday, November 30, 2018 11:15 AM > To: Hollenbeck, Scott <[email protected]> > Cc: '[email protected]' <[email protected]>; '[email protected]' <dns- > [email protected]>; '[email protected]' > <[email protected]> > Subject: [EXTERNAL] RE: [dns-privacy] DNS PRIVate Exchange (dprive) WG > Virtual Meeting: 2018-12-10 > > On Fri, 30 Nov 2018, Hollenbeck, Scott wrote: > > >> Why wait ? Let's hear what he has to say on the list beforehand, so > >> we can discuss on the list and if needed during the interim. It would > >> be a better use of our voice-to-voice time. > > > > Here's what's been shared with the list already: > > > > https://mailarchive.ietf.org/arch/msg/dns-privacy/YHAa2kLGcKHMPEjkJQpQ > > J_Amfeo > > > > There haven't been any replies. > > I see a number of replies listed on the page you cite above? :)
Replies with the same subject, yes, but there's been no discussion of the content of Karl's note. Anyway... > Doing encryption on an authoritative server is tricky. It was one of the > arguments against encrypting DNS with DNSSEC, and against dnscurve. > > times have changed, and it deserves another look, but some note that says > "If running out of resources, drop the encryption and serve DNS data in > the clear might be needed". Ideally in a way that querying clients that > want to insist on privacy can bail out instead of receiving cleartext. Possibly, but it may also be worth discussing how to avoid getting into resource exhaustion situations in the first place. Do you have any thoughts on Karl's "need for a profile of encryption standards" comment? Scott _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
