On Thu, Feb 6, 2020 at 9:39 PM Eric Rescorla <[email protected]> wrote: > > The question at hand is not about whether it ought to recommend DNSSEC > validation but rather whether the text around that, which implies that > failure to do so has a high risk of sending your sensitive *web* traffic to > the attacker, is accurate given the high fraction of Web traffic that is > protected with TLS and the likely even higher fraction of sensitive traffic > that is.. >
This is not the best argument, since the interaction of DNS and subsequent TLS traffic is not defined. An example is < https://www.zdnet.com/article/brazil-is-at-the-forefront-of-a-new-type-of-router-attack/ >. Talking about a "high fraction" of traffic is not very convincing, since most traffic is obviously not subject to these attacks. thanks, Rob
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
