Some resolver operators care about their customers' general privacy. In
such a case, they would want to prevent passive snooping of
communications between the resolver and authoritative servers.
Preventing passive snooping would require encryption, but does not
require authentication.
Some resolver operators have recently spoken of a new use case: giving
assurance of results in unsigned zones, and assurance of child NS and
glue records in signed zones. This use case is not about privacy.
--Paul Hoffman
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
