On Tue, Mar 04, 2014 at 06:15:37PM +0000, Joe Abley <jab...@hopcount.ca> wrote a message of 34 lines which said:
> EDNS0 options are hop-by-hop. It's not obvious this is what we need,
> since that makes every intermediate DNS server a potential
> interception point. But perhaps that's ok anyway, if we imagine the
> 80% solution involves stub -> resolver -> authority where each arrow
> is a separate privacy domain anyway.

More generally, we need to decide whether we want a truly end-to-end solution (which would be very much at odds with the architecture of the DNS) or if we are happy to protect only the messages in transit, leaving the issues of spying by intermediate servers to other solutions (QNAME minimization, local caching resolvers...).