On Sat, Dec 10, 2016 at 04:26:52PM -0500, John R Levine <[email protected]> wrote a message of 30 lines which said:
> I realize that there's a fundamentally intractable problem when the
> info you want to bootstrap your secure DNS channel has to be looked
> up in the DNS [...] You might consider adding something about the
> info leakage tradeoffs of various bootstrap schemes. For example,
> if the client knows the name of the cache it wants to use, and
> queries in the clear for SRV, A, and TLSA, those will leak but as
> soon as it connects to port 853 of the cache, anyone sniffing
> traffic will know that's the cache it's using anyway,

This problem also exists for "step 2" (draft-bortzmeyer-dprive-step-2,
section 3.2). If anyone can write nice text about it, it would be
useful.
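The leakage trade-off quoted above, as an added worked model (not code from the list, the draft, or either poster): a passive on-path observer is fed a constructed flow record of the bootstrap, once with the cache name resolved in the clear via SRV/A/TLSA and once with the address preconfigured, and we check what it can infer in each case. The cache name dns.example, the stub's cleartext resolver 192.0.2.1, the cache address 192.0.2.53 and the observer's reverse map are all assumptions made for the illustration.

```python
"""Passive-observer model of DNS-over-TLS bootstrap leakage.

Constructed illustration for the dns-privacy discussion; not the
draft's own text or code.  Flow records are simplified: only fields
an on-path sniffer can read in cleartext are recorded.
"""
from dataclasses import dataclass, field

CACHE_NAME = "dns.example"       # assumed name of the DoT cache
CLEAR_RESOLVER = "192.0.2.1"     # assumed cleartext resolver used for bootstrap
CACHE_IP = "192.0.2.53"          # assumed address the SRV/A records point to
DOT_PORT = 853


@dataclass
class Flow:
    proto: str                 # "udp" or "tcp"
    dst: str                   # destination address
    dport: int                 # destination port
    clear: dict = field(default_factory=dict)   # cleartext-visible fields


def owner_name(qname):
    """Strip leading service/port labels (those starting with '_') from an
    SRV or TLSA owner name, yielding the host name they describe."""
    labels = qname.split(".")
    while labels and labels[0].startswith("_"):
        labels.pop(0)
    return ".".join(labels)


def client_bootstrap(scheme):
    """Flows emitted by a stub under one of two bootstrap schemes:
    'clear_lookup'  : resolve SRV, A and TLSA for the cache name over port 53
    'preconfigured' : go straight to the known address on port 853"""
    flows = []
    if scheme == "clear_lookup":
        for qtype, qname in (("SRV", "_dns._tcp." + CACHE_NAME),
                             ("A", CACHE_NAME),
                             ("TLSA", "_%d._tcp.%s" % (DOT_PORT, CACHE_NAME))):
            flows.append(Flow("udp", CLEAR_RESOLVER, 53,
                              {"qname": qname, "qtype": qtype}))
    elif scheme != "preconfigured":
        raise ValueError("unknown scheme: %s" % scheme)
    # The TLS connection itself: destination and port are visible regardless.
    # We assume no SNI is sent, so the name is not in the handshake.
    flows.append(Flow("tcp", CACHE_IP, DOT_PORT))
    return flows


def observer_view(flows, reverse_map):
    """What a passive sniffer learns.  reverse_map is address -> name
    knowledge the observer already has (PTR data, a prior crawl); pass {}
    for an observer with no such knowledge."""
    learned = {"queried_names": set(), "cache_endpoint": None, "cache_name": None}
    for f in flows:
        if f.proto == "udp" and f.dport == 53 and "qname" in f.clear:
            learned["queried_names"].add(f.clear["qname"])
            # SRV/A/TLSA lookups for the cache name reveal the cache name itself.
            learned["cache_name"] = owner_name(f.clear["qname"])
        if f.proto == "tcp" and f.dport == DOT_PORT:
            learned["cache_endpoint"] = (f.dst, f.dport)
            if learned["cache_name"] is None:
                learned["cache_name"] = reverse_map.get(f.dst)
    return learned


if __name__ == "__main__":
    for scheme in ("clear_lookup", "preconfigured"):
        for known in ({}, {CACHE_IP: CACHE_NAME}):
            v = observer_view(client_bootstrap(scheme), known)
            print(scheme, "reverse_map=%s" % bool(known), v)
```

Run as a script it prints four observer views. In every run the (address, 853) endpoint is learned from the connection itself; the cleartext SRV/A/TLSA queries only add the name earlier and even when the observer has no address-to-name knowledge, which is the trade-off the quoted paragraph describes.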
