On Mon, 13 Oct 2014, Phillip Hallam-Baker wrote:

> I think we can maybe clarify the charter a little here.
> Protecting the integrity of the messages between the stub and the
> resolver should be a requirement for any spec.

Yes.

> But authenticity of the authoritative zone data is a completely
> separate problem. For that purpose we want to be able to do offline
> signing.

This is completely out of scope. We have DNSSEC for that.

Perhaps you meant encryption to the authoritative server? That's a
harder problem because as with dnscurve, that's a DDOS problem.

Paul
_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy