In article <CACsn0c=6Kv5j0SKJkTLxSNSPoz_uA62p1vTjWx=ccvjbnv4...@mail.gmail.com> you write: >Encryption at the root is very possible.
Indeed, but that's not the same question as whether it's a good idea. It is my strong impression that whatever problem you would solve with DoT to the root can also be solved using a local copy of the root, which has the practical advantage that you can do it right now. Also, depending how we decide that a name server signals that it supports DoT (or perhaps a parent gives a hint with the referral) it might make life a lot easier if the signals don't have to start all the way at the top. Let's put this in the pile of things to think about later. R's, John _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
