> On 10 Dec 2016, at 21:26, John R Levine <[email protected]> wrote:

Hi John,

Thanks for the review.

>
> I read it, and I think it's OK to publish, but I found it very frustrating.
> It describes a zillion options but it doesn't tell me what to do. I realize
> that there's a fundamentally intractable problem when the info you want to
> bootstrap your secure DNS channel has to be looked up in the DNS, and also
> realize that since this is so new, we have no operational experience so the
> most we could do would be a BWSP.*
>
> You might consider adding something about the info leakage tradeoffs
> of various bootstrap schemes. For example, if the client knows the
> name of the cache it wants to use, and queries in the clear for SRV,
> A, and TLSA, those will leak but as soon as it connects to port 853 of
> the cache, anyone sniffing traffic will know that's the cache it's
> using anyway, and anyone with passive DNS could recover the name. Or if you
> distribute the name and DNSSEC chain out of band, that hardly leaks anything
> but has all the problems of manual key distribution.

I really like this idea - thanks. I’ll work on adding this to the document.

>
> Once we have experience, a real BCP describing what works in practice
> would be useful, too.

Agreed.

Sara.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
