On Tue, Nov 26, 2019 at 09:51:14AM -0800, Brian Dickson <[email protected]> wrote a message of 98 lines which said:
> However, if the only place the client is able to establish an > encrypted path to is a forwarder, this leave open the possibility > that the forwarder->(forwarder->[...])->resolver might involve one > or more unencrypted connections. I'm not sure I understand the problem. This case is just an instance of a more general problem "the machine you talk with may betray you and no amount of cryptography will help here". The resolver can send a copy of all your requests to the NSA (or its chinese equivalent), or it could use a forwarder over an unencrypted connection. What's the difference? _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
