On Wed, Nov 27, 2019 at 10:04:57AM +0000, Neil Cook <neil.c...@noware.co.uk> wrote a message of 45 lines which said:
> I don’t see why they’re broken by design; You explained it well: > they add no security properties > on top of the (insecure) DHCP mechanism used to contact the resolver > in the first place And the problem is not the (in)security of DHCP. The problem is that if you don't trust the access network to provide you with a secure resolver, why would you trust it to indicate one? If the default resolver (DNS over UDP, obtained through DHCP) lies or records personal data, why would the resolver found by "resolver discovery" be better? > how clients use that information is up to them. They may or may not > decide to trust that resolver, OK, if it is clearly specified, I understand. But it is far from clear, for instance in draft-reddy-dprive-bootstrap-dns-server. _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy