On Tue, 14 Apr 2015, Stephen Farrell wrote:
> I wonder if the last mile concept is what we really want.
Hmm, you are right. I guess we use "last mile" as a shorthand. The two situations really are:

1) a remote DNS server for which we have a public key and can authenticate and encrypt with.

2) a local (local-ish or sometimes remote) DNS server, for which we have no identity information, so we can encrypt but not authenticate.

Usually 2) is the "last mile" and 1) is usually not the "last mile".

I think we should strive to have many of 1) available for people all over the net. And that 2) should only be used to confirm (via DNSSEC) a transport to reach 1).

Paul
