On Wed, Apr 15, 2015 at 09:08:44AM -0400, Warren Kumari <war...@kumari.net> wrote a message of 35 lines which said:
> 3) TLS for DNS: Initiation and Performance Considerations:
> http://datatracker.ietf.org/doc/draft-hzhwm-dprive-start-tls-for-dns/

I think it should be adopted because:

* It provides confidentiality through encryption.

* It may provide authentication (even if it is not detailed currently).

* It relies on a well-known, widely implemented protocol. TLS has
  weaknesses but they are known. I suspect that alternative proposals
  have as many weaknesses but they are yet undiscovered.

* It relies on TCP, which is not a problem for me: there are good
  reasons, besides privacy, to do more TCP for the DNS (such as
  reflection attacks) and I think it is realistic (rfc5966bis).

> 1) Confidential DNS:
> https://datatracker.ietf.org/doc/draft-wijngaards-dnsop-confidentialdns/

A nice second choice. The good thing is that it uses UDP, which makes
one less change to the DNS. The bad thing is that it is yet another new
protocol, and new security protocols tend to have hidden holes.

> 2) Private-DNS: https://datatracker.ietf.org/doc/draft-hallambaker-privatedns/

Frankly, I was never able to master it completely. Insufficient brain
power.

4) DNScrypt

Only one implementation, few users, very little experience, no intent
from its supporters to engage in a dialog.

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
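As an added example that is not part of the message above nor of any of the drafts it discusses, the script below shows the concrete difference behind the "it relies on TCP" and "it uses UDP" points: a DNS query is the same wire-format message either way, but over TCP (and therefore over TLS, which is just a TCP byte stream with encryption on top) every message carries the two-octet length prefix of RFC 1035 section 4.2.2, and a reader has to reassemble messages across reads. It also shows the client-side TLS settings under which the "may provide authentication" remark actually holds (certificate verification against a trust anchor plus a hostname check). Function names are the example's own; port 853 is the port RFC 7858 later assigned to DNS over TLS and is an assumption here, not something the message states.

```python
# Added example (not from the message or the dprive drafts): DNS wire
# framing over UDP versus TCP/TLS, plus a verifying TLS client context.
# Port 853 is assumed from RFC 7858, which postdates this thread.
import socket
import ssl
import struct
from typing import Dict, List, Tuple

QTYPE_A = 1
QCLASS_IN = 1


def build_query(qname: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Encode a minimal recursive query: 12-byte header plus one question.

    Over UDP this exact byte string is the datagram, with no framing; the
    qname is readable by anyone on the path, which is the privacy problem.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1
    labels = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 octets: %r" % label)
        labels += bytes([len(raw)]) + raw
    return header + labels + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def frame_tcp(msg: bytes) -> bytes:
    """Prefix the message with its big-endian 16-bit length (RFC 1035 4.2.2).

    TCP is a byte stream with no message boundaries, so DNS over TCP needs
    this; a TLS session is the same stream, so DNS over TLS keeps it too.
    """
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too long for the 16-bit length prefix")
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream: bytes) -> Tuple[List[bytes], bytes]:
    """Split a TCP/TLS byte stream into complete messages and a leftover tail.

    The tail is a partial message awaiting more bytes; a reader that drops
    it will misparse the next chunk as a fresh length prefix.
    """
    messages = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # incomplete message: wait for more data
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream


def parse_header(msg: bytes) -> Dict[str, int]:
    """Decode the header; TC=1 on a UDP answer is the cue to retry over TCP."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd,
        "ancount": an,
    }


def tls_client_context(cafile=None) -> ssl.SSLContext:
    """Client context that authenticates the resolver's certificate.

    TLS only authenticates the server if the client verifies the chain
    against a trust anchor and checks the expected name; both are on here.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def query_over_tls(server_ip: str, server_name: str, qname: str,
                   port: int = 853) -> bytes:
    """Send one framed query over a verified TLS session; network code only.

    The TCP handshake underneath also means a spoofed source address never
    gets an answer, which is the reflection argument for more TCP in DNS.
    """
    ctx = tls_client_context()
    with socket.create_connection((server_ip, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            tls.sendall(frame_tcp(build_query(qname)))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("resolver closed the connection")
                buf += chunk
                msgs, buf = unframe_tcp(buf)
                if msgs:
                    return msgs[0]


if __name__ == "__main__":
    q = build_query("example.com")
    print("UDP datagram: %d bytes; TCP/TLS framed: %d bytes"
          % (len(q), len(frame_tcp(q))))
    print(parse_header(q))
```

Running the script offline prints the 29-byte UDP form of the query and its 31-byte framed form; `query_over_tls` is the only part that touches the network and is left for the reader to call against a resolver whose certificate matches `server_name`.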