Hiya,
On 31/03/2021 14:12, Jim Reid wrote:
> I know that Stephen. The point I was trying (and apparently failing) to make was there are other privacy-friendly tools/protocols available that could well be good enough solutions for some parts of the problem space. As an example, widespread adoption of RFC8806 - no sniggering at the back! - could obviate the need for encrypted queries to the root or possibly offload the TLS goop to the local instances of the root. But the WG doesn’t seem to want to consider that.

Not sure how you reach that conclusion TBH. ISTM that that is actively being discussed. It seems pretty obvious though that while such mechanisms can certainly help for root servers, there is going to be a need for a TLS-based mechanism if TLDs want significantly better privacy. I reckon that's the case even if traffic from large recursives isn't considered sensitive - there'll I guess always be many smaller recursives where queries are going to be sensitive. (What's not yet clear is whether we can define a TLS-based mechanism that's good enough to get widely deployed by TLDs.)

Cheers,
S.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
