On Tue, Mar 30, 2021 at 05:53:59PM -0700, Erik Kline wrote:
> On Tue, Mar 30, 2021 at 5:33 PM Stephen Farrell <[email protected]>
> wrote:
>
> >
> > Hiya,
> >
> > On 31/03/2021 01:24, Eric Rescorla wrote:
> > > As I said earlier, this seems overly conservative given our experience with
> > > large scale TLS-based services.
> >
> > For the root servers, I don't get why QNAME minimisation
> > isn't enough? If it is enough, that'd imply to me that the
> > root server operators' statement is fine, so long as it
> > is only read to apply to root servers and not TLDs.
> >
>
> I had to think about this for a bit, because I didn't properly appreciate
> that before.
>
> I think, "IN NS com." doesn't reveal much information. But perhaps "IN NS
> sensitive-tld." could have privacy implications for some folks?

This supposes that tracking the subsequent TLS connection to the TLD auth server would not reveal that "secret"...

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
