On Thu, 13 Nov 2014, Hugo Connery wrote:
2. Trust between clients (stubs) and recursive resolvers
Whether the communication to the recursive resolver is encrypted or not the
resolver itself knows all queries (data and metadata). There is an
implicit
trust relationship between the client and recursive resolver.
This is a political rather than technical issue (unless some PIR style
solution is pursued) and is probably outside the scope of DPRIVE.
I would like to see that any solution would actually tackle this
problem. A more and more common scenario is to only use local DNS for
bootstrap and then rely on another non-local DNS server outside the
control of the local network.
For example, if Google DNS could advertise a "resolver public key" than
I could use the hotspot DNS to pay/click ok, and then only send
encrypted DNS to Google so the local network cannot see any of it.
The same scenario would apply to ISPs whose nameservers people would
like to not trust or use.
3. Recursive to Authoritative
Without the possibility of encrypting this stage, the client becomes
anonymous
within the community that is using the recursive resolver. Encrypting
this step
may be "too much" for now (and it will incur challenges for auth resolvers).
If omitted, I hope that the community will re-visit the issue.
Agreed. This problem is very hard because it is a DOS against
authoritative servers.
Paul
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
