On Feb 8, 2017, at 3:30 PM, Mark Andrews <ma...@isc.org> wrote:
> And if the service has the same privacy issues as .onion has?
>
> So we leak names until every recursive server in the world is
> validating (what % is that today?) and supports aggressive negative
> caching (still an I-D).

I feel like I am arguing with a wall, so if this doesn't work I will just give up. But if it's okay for us to ask resolvers to make a change, it is okay for us to ask resolvers to make the right change. And if they don't, yes, it's possible that some queries will leak. There is nothing we can do to prevent that other than harden caching servers and stub resolvers; if we are going to do that, we might as well do it right, by caching the full proof of nonexistence, rather than lying about what's in the root zone.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop