Hi,

Just for information, what are the technical reasons IPsec has not been considered at all for providing DNS privacy?
The use of IPsec could re-use existing extensions like NAT traversal, compatibility with UDP/TCP, resilience to change of IP addresses... and this without creating new extensions. Would it be worth being documented?

BR,
Daniel

On Mon, Apr 13, 2015 at 5:20 PM, Stephen Farrell <[email protected]> wrote:

> Hi Paul,
>
> I'm not sure if your point was meant to relate only to DHCP
> setting the DNS server IP, but if not then I have a question...
>
> On 13/04/15 21:21, Paul Wouters wrote:
> > If you have an attacker on the last mile, there is nothing you can do.
> > Passive only protection against the last mile is a wasted effort. On
> > the last mile, there are only active attackers.
>
> Do you have evidence of the absence of passive attackers and if
> so with what definition of last mile?
>
> Noting that an active attack is possible does not IMO mean that
> defence against a passive attack is worthless. That is a case
> that would need to be made IMO. And the counter argument is that
> the probability of an active attack may differ significantly from
> the probability of a passive attack.
>
> Basically, I think you're overstating things in the quoted text.
>
> S.
>
> > Paul
> >
> > _______________________________________________
> > dns-privacy mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/dns-privacy

--
Daniel Migault
Ericsson
