On Thu, Oct 23, 2014 at 7:50 PM, Daniel Kahn Gillmor <[email protected]> wrote:
> On Thu 2014-10-23 08:45:45 -0400, Phillip Hallam-Baker <[email protected]> wrote:
>
> > Which in my view means that the recursive has to be a trusted service and
> > the notion of promiscuous recursive resolver use has to be stamped out.
>
> I'm not convinced that your conclusion follows from your premise here,
> Phil.
>
> I agree with your premise that a recursive resolver needs to be a
> trusted service.
>
> But i don't see why a trusted recursive resolver can't be "promiscuous"
> (though it's possible that i'm not understanding the term in the way you
> mean it).
>
> For example, anonymity-friendly service provider nologs.example might
> offer a recursive resolver for anyone who wants to use it, while
> identifying themselves to the public with cryptographically-strong
> credentials.

I am all for the service user being anonymous. I do not want to use an
anonymous service though. What I mean by promiscuous is using the service
that happens to be advertised in DHCP for anything other than bootstrapping
and that only when absolutely necessary.

> The trust relationship for a recursive resolver is directional, not
> symmetric.

The resolver is trusted by the client. Ergo it must be chosen and it must be
trustworthy.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
