On Wed, Nov 11, 2015 at 12:32:55PM +0100, Maarten Wullink <maarten.wull...@sidn.nl> wrote a message of 63 lines which said:
> I just read your draft about qname minimisation again and I
> discovered that besides limiting the number of labels the resolver
> is sending to the authoritative it also proposes to replace the
> qtype with "NS" when sending queries to authoritatives.
>
> This is understandable for privacy concerns but it also makes it
> impossible (or at least much more difficult) to perform security
> analysis at the vantage point of the authoritative server operator
> such as a ccTLD.

This is known (section 5) and discussed in appendix B.

> Is this something the group discussed? And maybe something you want
> to add to the security section of the draft?

It was a consequence of the Dallas meeting where the point was raised
<https://www.ietf.org/proceedings/92/slides/slides-92-dnsop-0.pdf> and
the consensus was clearly to focus on the most privacy-preserving
solution, leaving alternatives in appendixes
<http://www.ietf.org/proceedings/92/minutes/minutes-92-dnsop>.

See also <https://github.com/bortzmeyer/my-IETF-work/issues/9>,
<https://github.com/bortzmeyer/my-IETF-work/issues/11>,
<https://centr.org/system/files/share/centr-report-ietf92-20150518_0.pdf>
(section "More Privacy Work in DNSOP")
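What an authoritative operator (for instance a ccTLD) logs with and without minimisation, as a simplified model added here; it is not part of the original message and not the draft's full algorithm. The query name `www.example.nl`, the zone-cut set and the function names `trace` and `seen_by` are constructed assumptions.

```python
# Simplified model of the behaviour discussed in the thread: a minimising
# resolver sends one more label than the zone it is asking, with qtype NS,
# and only sends the original qtype once the full name is reached.
# ZONE_CUTS is constructed input standing in for the referrals a real
# resolver would learn; names are illustrative.

ZONE_CUTS = {"nl.", "example.nl."}


def _labels(name):
    return [l for l in name.lower().rstrip(".").split(".") if l]


def _suffix(lbls, depth):
    # Rightmost `depth` labels as a fully qualified name ("." for the root).
    return ".".join(lbls[len(lbls) - depth:]) + "." if depth else "."


def trace(qname, qtype, zone_cuts, minimise):
    """Return [(zone_asked, qname_sent, qtype_sent), ...] from the root down."""
    lbls = _labels(qname)
    cuts = {_suffix(_labels(z), len(_labels(z))) for z in zone_cuts}
    full = _suffix(lbls, len(lbls))
    zone, sent = ".", []
    for depth in range(1, len(lbls) + 1):
        name = _suffix(lbls, depth)
        final = depth == len(lbls)
        is_cut = name in cuts
        if minimise:
            sent.append((zone, name, qtype if final else "NS"))
        elif is_cut or final:
            # Classic resolver: every zone on the path gets the full question.
            sent.append((zone, full, qtype))
        if is_cut:
            zone = name  # referral: continue with the child zone's servers
    if full in cuts:
        sent.append((full, full, qtype))  # the name is itself a zone apex
    return sent


def seen_by(zone, queries):
    """Questions that would appear in the query log of `zone`'s servers."""
    return [(q, t) for z, q, t in queries if z == zone]


if __name__ == "__main__":
    for mode in (False, True):
        print("minimised" if mode else "classic",
              seen_by("nl.", trace("www.example.nl", "A", ZONE_CUTS, mode)))
```

In this model the TLD's log loses both the host label and the original qtype, which is the analysis gap raised in the quoted question; the zone that actually holds the name still receives the full question.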