On 23/10/14 18:29, Hugo Maxwell Connery wrote:
> Essentially, all of the above calls for a Threat Model in these
> discussions.

Yes, a good bit of work would be required before any such scheme could be recommended. That work would require both design/analysis and some experiments I reckon.

But I'd be slightly (not hugely) less pessimistic than you I think. Taking your scenario where we assume confidentiality via crypto is deployed for stub<->recursive, one could further assume that some set(s) of recursives might gossip amongst one another (or with some service(s)) about which names they've seen being requested (in a privacy friendly manner of course:-) and then use those names for the fake queries.

I think that could be done and could if there were few users behind each recursive amortise some privacy protection over all those users. But not sure if the costs would be worth it.

S.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
