On Mar 2, 2015, at 3:13 AM, Stephane Bortzmeyer <[email protected]> wrote: > There never was a mention of this working group here, so here it is: > "tcpinc" tries to encrypt all TCP flows, without caring (too much) > about authentication. > > https://datatracker.ietf.org/wg/tcpinc/ > > Together with RFC 5966, could it be a "lightweight" solution for DNS > encryption?
Sure, but one that the client will never know about. TCPINC is for environments where the client application will never know that their TCP traffic is encrypted; I assumed that DPRIVE was for when the stub resolver *would* know and could make choices based on that. >From the stub resolver's point of view, TCPINC is no different than running >over an IPsec tunnel. --Paul Hoffman _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
