On Wed, Mar 05, 2014 at 12:51:52PM +0000, Olafur Gudmundsson <o...@ogud.com> wrote a message of 41 lines which said:
> I NEED confidence that I'm talking to the real 8.8.8.8 if the only > way to get that is encryption then I support it. The goal of the DNSE BoF was privacy, not authentication. For authentication, we have DNSSEC :-) For the case where the validating resolver is far away and we need to secure the last mile against AD-bit tampering, well... no problem statement published, no I-D and no BoF yet. > I would prefer that before we start talking about encryption is we > agree on label stripping by recursive resolvers as that minimizes > the leak of information to root/tld servers. Why before? Encryption and QNAME minimization are both great things and should be done but they solve different privacy problems: * surveillance by a third-party sniffing the wire (encryption) * surveillance by the name servers' operators (QNAME minimization) _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
