RIVE, and comments to the list, clearly stating your view.
>
> Please also indicate if you are willing to contribute text, review, etc.
I support adoption of draft-hzpa-dprive-xfr-over-tls and am willing to
review.
--
Robert Edmonds
___
dns-priva
ervers with a separate NS query
to DNSSEC-validate any signals encoded in NSDNAMEs.
--
Robert Edmonds
___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
to help an inferior format.
What does poor message decoding performance from a particular
implementation have to do with DNS transaction confidentiality?
(There are DNS implementations that advertise high query rates with
filtering, so I'm skeptical that backwards inco
the transport.
(BTW, one thing I wonder about is, for operators who *don't* use
AXFR/IXFR on port 53 to distribute their zones, does the transport they
use support confidentiality equivalent to TLS/SSH?)
--
Robert Edmonds
h the IETF has committed to mitigating (RFC 7258). This is a much
broader issue than the existence or disclosure of personally
identifiable data.
--
Robert Edmonds
ster a port for a “private use” protocol.
--
Robert Edmonds
it) may be useful to an
attacker. And key distribution between AXFR clients and servers is
probably even more well understood than key distribution between
resolver and authority.
--
Robert Edmonds
89
_53 or _853 ?
--
Robert Edmonds
Christian Huitema wrote:
> Is this part of DPRIVE's charter?
"...but it may also later consider mechanisms that provide
confidentiality between Iterative Resolvers and Authoritative
Servers, or provide end-to-end confidentiality of DNS transactions."
> Unbound is fixed (PowerDNS has a feature request for round-robin, but
> is currently also fixed (*)).
Unbound actually does support both fixed and randomized, and the entropy
is taken from an interesting place: the ID field from the query.
--
Robert Edmonds
til the mid-1960s and was the first
machine capable of supporting large networks that was considered
secure against known plaintext attack. The KL-7 was also used by
several NATO countries until 1983.
--
Robert Edmonds