The user scenarios that I can think of are:

1) Users want DNS transaction privacy if possible
2) Users need absolute DNS privacy
3) Users want DNS transaction authentication if possible
4) Users need absolute DNS authentication

#1 is basically opportunistic encryption: the resolver keeps going even
if the server can't be authenticated. A MITM can see the transaction,
but a passive observer cannot. Widespread use of #1 would reduce the
ability to snoop on resolver traffic.

I cannot think of a real use case for #2. That is, I cannot imagine a
way for a user to usefully signal to a resolver "you must have
authenticated transaction privacy with all authoritative servers; if any
of the servers cannot do that, don't continue and return an error to
me".

#3 does not help prevent any attacks I can think of.

#4 is a new use case that has been discussed recently to give assurance
of results in unsigned zones, and assurance of child NS and glue records
in signed zones. This use case is not about privacy.

--Paul Hoffman