On 10/22/2014 10:19 PM, Ted Hardie wrote: > > Clearly, had Joe used OpenDNS, Google's DNS, or a large ISP DNS service > which aggregates many more users, the chance of a cache miss would be > lower and the correlation would be much, much harder even in the case of > a cache miss. But the DNS protocol cannot presume that sort of > deployment, and they have other consequences in terms of trust between > users and large services. >
To name one: the bigger the shared resolver, the higher the chance the three letter agencies want and might have their taps there. So IMHO Joe is simply shifting trust here, not necessarily in- or decreasing it. Jelte _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
