> What worries me is if we build a circular dependency into the stack. TLS is
> layered on top of DNS at several points. The names used in TLS are DNS names.
Let's step back a minute. We are worried that TLS carries clear text that may disclose the nature of the service. In the absence of such disclosure, adversaries only know that the client is using "one of the many services co-located at the IP address of this server." With the disclosure, adversaries discover that the client is "using a private DNS resolver service located at the IP address of the server."

But then, look at what happens if we define a special-purpose protocol, different from TLS. Adversaries can presumably identify that this is "the DPRIVE protocol." Thus, they can identify that the client is "using a private DNS resolver service located at the IP address of the server." What kind of privacy would we gain?

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
