[DNSOP] some random dnse-triggered thoughts

2014-03-04 Thread Joe Abley
I have not reviewed all these drafts thoroughly, since I am a slacker, and so what follows is mainly a reaction to presentations and not a detailed reading of the text. So, in no particular order (hence numbering): 8. draft-hzhwm-start-tls-for-dns-00, TO not protected It seems like a potential

Re: [DNSOP] some random dnse-triggered thoughts

2014-03-05 Thread Stephane Bortzmeyer
On Tue, Mar 04, 2014 at 06:15:37PM +, Joe Abley wrote a message of 34 lines which said: > EDNS0 options are hop-by-hop. It's not obvious this is what we need, > since that makes every intermediate DNS server a potential > interception point. But perhaps that's ok anyway, if we imagine the

Re: [DNSOP] some random dnse-triggered thoughts

2014-03-05 Thread João Damas
On 05 Mar 2014, at 14:12, Stephane Bortzmeyer wrote: > More generally, we need to decide whether we want a truly end-to-end > solution (which would be very much at odds with the architecture of > the DNS) or if we are happy to protect only the messages in transit, > leaving the issues of spying

Re: [DNSOP] some random dnse-triggered thoughts

2014-03-05 Thread Jelte Jansen
On 03/05/2014 02:40 PM, João Damas wrote: > > perhaps there is a need to separate the problem into tractable > chunks. For the part of the problem about authenticating the > recursive resolver (the fake 8.8.8.8 problem) we probably need a > different solution than for the metadata snooping problem (who

Re: [DNSOP] some random dnse-triggered thoughts

2014-03-05 Thread Tim Wicinski
On 3/5/14, 3:02 PM, Jelte Jansen wrote: +1. I don't want to fight about requirements for 10 years, and it does look like there are different and competing views as to what constitutes confidentiality here. So a split into several problems, which can have shared or separate solutions, seems like