On Thu 2014-10-23 08:45:45 -0400, Phillip Hallam-Baker <[email protected]> wrote:
> Which in my view means that the recursive has to be a trusted service and
> the notion of promiscuous recursive resolver use has to be stamped out.
I'm not convinced that your conclusion follows from your premise here,
Phil.
I agree with your premise that a recursive resolver needs to be a
trusted service.
But i don't see why a trusted recursive resolver can't be "promiscuous"
(though it's possible that i'm not understanding the term in the way you
mean it).
For example, anonymity-friendly service provider nologs.example might
offer a recursive resolver for anyone who wants to use it, while
identifying themselves to the public with cryptographically-strong
credentials.
The trust relationship for a recursive resolver is directional, not
symmetric.
--dkg
pgpLMWseiIlfI.pgp
Description: PGP signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
