Greetings. The discussion of encrypting the recursive to authoritative traffic keeps getting bogged down due to lack of use cases. Puneet and I would like to propose a specific use case (the desire to encrypt much more traffic, even if there could be an active attacker in the middle). With that in mind, we wrote up <https://tools.ietf.org/html/draft-pp-recursive-authoritative-opportunistic>. The abstract says:

This document describes a method for a DNS recursive resolver to use opportunistic encryption when communicating with authoritative servers. The method here is optional for both the recursive resolver and the authoritative server. A motivating use case for this method is that more encryption on the Internet is better, and opportunistic encryption is better than no encryption at all. Nothing in this method prevents use cases that require better encryption.

We would like DPRIVE to adopt this, and we are open to suggestions on how to improve the protocol.

--Paul Hoffman
_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
