On Aug 12, 2020, at 5:44 AM, Vladimír Čunát <[email protected]> wrote:
>
> On 8/6/20 4:59 PM, Paul Hoffman wrote:
>> In this use case, a resolver operator says “I’m happy to use encryption with
>> the authoritative servers if it doesn’t slow down getting answers by much”,
>> and an authoritative server says “I’m happy to use encryption with the
>> recursive resolvers if it doesn’t cost me much”.
>
> This motivation confuses me a bit, but perhaps it's just me. I'd expect
> the extra performance costs to be quite close to authenticated
> encryption, at least in principle.

Yes, definitely.

> And the extra privacy gain feels
> relatively small in comparison.

The privacy gain is preventing passive snoopers from being able to see the traffic. That seems important to some people, not to others.

> In any case, there may be other common motivations for going
> opportunistic. For example the fact that for years we don't seem to
> really move towards consensus about how exactly the authentication could
> be done, but that motivation would be incompatible with desires like
> developing these two approaches together - and I must admit I'd really
> like to minimize incompatibility among the future approaches (DoT and
> DoH come into mind).

That's exactly why the use case included:

> • Other use cases for authentication stronger than opportunistic may appear
>   and would co-exist with this one

As folks with other use cases for authenticated (normal!) encryption clarify their use cases, nothing in the opportunistic use case should make their work any harder.

--Paul Hoffman
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
