On Wed, Apr 2, 2014 at 11:24 PM, Phillip Hallam-Baker <hal...@gmail.com> wrote:
>
> On Wed, Apr 2, 2014 at 10:48 PM, Andrew Sullivan
> <a...@anvilwalrusden.com> wrote:
>
>> On Wed, Apr 02, 2014 at 09:07:07PM -0400, Phillip Hallam-Baker wrote:
>> > 1) Client -> Resolver
>>
>> > Changing 1 is the easiest and also the part that is most in need.
>>
>> From where I sit, that project appears to reduce to roughly "upgrade
>> all the computers on Earth." It may be that we do not have a common
>> meaning of "easiest". Perhaps you could say more.
>>
>
> Nope, just the gateway devices and the main DNS servers.
>
> Legacy DNS over raw UDP will be around for decades to come. But DNS over a
> privacy protected transport is quite viable.
>
> The privacy issues are most acute at the network gateway device, the
> firewall or the WiFi router.
>
> Privacy protection plus anti-censorship protection is in big demand right
> now.
>

Since we have essentially zero DNSSEC stub clients in operation and 100% of
those that are in use are being deployed by aggressive early adopters,
deployment in the stub client -> recursive loop is actually quite easy.

What we can't do is to break legacy DNS without DNSSEC. That is the
deployment scenario that is beyond redemption.

--
Website: http://hallambaker.com/
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop