On Thu 2014-10-23 22:44:19 -0400, Phillip Hallam-Baker wrote: > On Thu, Oct 23, 2014 at 7:50 PM, Daniel Kahn Gillmor <[email protected]> > wrote: > >> On Thu 2014-10-23 08:45:45 -0400, Phillip Hallam-Baker < >> [email protected]> wrote: >> >> > Which in my view means that the recursive has to be a trusted service and >> > the notion of promiscuous recursive resolver use has to be stamped out. >> >> I'm not convinced that your conclusion follows from your premise here, >> Phil. >> >> I agree with your premise that a recursive resolver needs to be a >> trusted service. >> >> But i don't see why a trusted recursive resolver can't be "promiscuous" >> (though it's possible that i'm not understanding the term in the way you >> mean it). >> >> For example, anonymity-friendly service provider nologs.example might >> offer a recursive resolver for anyone who wants to use it, while >> identifying themselves to the public with cryptographically-strong >> credentials. > > I am all for the service user being anonymous. I do not want to use an > anonymous service though.
Right, so you're saying "promiscuously using arbitrary recursive
resolvers is a bad idea", but not that "promiscuous recursive resolvers
are a bad idea".
> What I mean by promiscuous is using the service that happens to be
> advertised in DHCP for anything other than bootstrapping and that only when
> absolutely necessary.
yep.
--dkg
pgpXNKwYUQVDu.pgp
Description: PGP signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
