> On 8 Feb 2021, at 17:11, Paul Hoffman <[email protected]> wrote:
>
> Without a fleshed-out proposal for a fully-authenticated protocol to compare
> to, saying that this WG should not try to fulfill its charter to help encrypt
> recursive to authoritative traffic just seems wrong.

Paul, just because the WG *can* choose to do something doesn’t necessarily mean it *should*. I’m not convinced there’s much to be gained from encrypting recursive-to-authoritative DNS traffic. Or that this will ever get deployed at scale. Have the use cases and requirements been documented for the problems this ID is intended to solve?

However, my main concern is the unintended consequences from the standards track(?) RFC that eventually emerges. That could get baked into RFPs for DNS service or ICANN registry contracts, creating major operational and deployment problems for anycast providers who’d be on the hook for servicing bazillions of presumably encrypted queries per second.

_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
