On Tue, Mar 30, 2021 at 5:33 PM Stephen Farrell <[email protected]> wrote:
>
> Hiya,
>
> On 31/03/2021 01:24, Eric Rescorla wrote:
> > As I said earlier, this seems overly conservative given our experience with
> > large scale TLS-based services.
>
> For the root servers, I don't get why QNAME minimisation
> isn't enough? If it is enough, that'd imply to me that the
> root server operators statement is fine, so long as it
> is only read to apply to root servers and not TLDs.
>

I had to think about this for a bit, because I didn't properly appreciate that before. I think, "IN NS com." doesn't reveal much information. But perhaps "IN NS sensitive-tld." could have privacy implications for some folks?

>
> > With that said, this doesn't seem to me to present a severe problem: there
> > are a relatively small number of TLD servers, so we could probably create a
> > lookaside list of which ones support TLS as suggested in
> > draft-rescorla-dprive-adox-latest-00 Section 3,
>
> I agree that the privacy issues with TLD servers are more
> worthy of attention and I guess require encryption if we are
> to improve things. I'm not saying the above draft is a good
> way to handle that, but the problem in querying TLDs is real,
> whereas for root servers it seems to me way less of a deal.
>
> Or... am I confused? (That happens often:-)
>
> Cheers,
> S.
>
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
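
An added illustration, not part of the original message: a small Python model of which query names the root and TLD servers receive for one lookup, with and without QNAME minimisation. The name `www.example.sensitive-tld.`, the zone cuts and the function names are constructed for this example, and minimised queries use QTYPE NS to match the "IN NS" notation used in the thread.

```python
# Constructed sample input: one lookup and the zone cuts on its path.
QNAME = "www.example.sensitive-tld."
ZONE_CUTS = ["sensitive-tld.", "example.sensitive-tld."]

def ancestors(name):
    """Return names from the root down to `name`: '.', 'tld.', ..., name."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return ["."] + [".".join(labels[i:]) + "."
                    for i in range(len(labels) - 1, -1, -1)]

def queries_seen(qname, qtype, zone_cuts, minimise):
    """Return [(zone_queried, qname_sent, qtype_sent), ...] for one resolution.

    Without minimisation the full QNAME and QTYPE go to every zone on the path.
    With minimisation each zone is asked only for the name one label below
    what the resolver already knows, and the real QTYPE is sent only once the
    full name is reached.
    """
    chain = ancestors(qname)
    cuts = set(zone_cuts)
    seen, zone = [], "."
    for candidate in chain[1:]:
        last = candidate == chain[-1]
        if minimise:
            seen.append((zone, candidate, qtype if last else "NS"))
        elif candidate in cuts or last:
            seen.append((zone, chain[-1], qtype))
        if candidate in cuts:
            zone = candidate  # follow the referral into the child zone
    return seen

def exposed_to(zone, seen):
    """Distinct query names that the servers for `zone` received."""
    return sorted({q for z, q, _ in seen if z == zone})

if __name__ == "__main__":
    for minimise in (False, True):
        seen = queries_seen(QNAME, "A", ZONE_CUTS, minimise)
        print("minimised" if minimise else "full QNAME")
        for zone in [".", "sensitive-tld."]:
            print(f"  servers for {zone!r} see {exposed_to(zone, seen)}")
```

With minimisation the root still learns the TLD label itself, and the TLD servers still learn the registered name beneath them, which are the two cases the messages above distinguish.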
