> On Mar 31, 2021, at 11:28 PM, Rob Sayre <say...@gmail.com> wrote:
> Plenty of folks have evaluated the costs here.

And in all cases, they’re non-negative.  Which is the point.

>>>> >> Could you state the problem that’s being solved?
>>>> >>
>>> > Sure, it's in the first sentence of 
>>> > https://tools.ietf.org/html/draft-ietf-dprive-opportunistic-adotq-00:
>>> >
>>> > "A recursive resolver using traditional DNS over port 53 may wish instead 
>>> > to use encrypted communication with authoritative servers in order to 
>>> > limit passive snooping of its DNS traffic."
>>> 
>> Right, so that just means the wording of the draft is over-broad, in that it 
>> just says “authoritative” rather than “authoritative SLD” or something.  
>> It’s quite a stretch to think that anything sensitive would be disclosed 
>> between a well-behaved recursive and a _root_ server, since it doesn’t 
>> disclose either the individual or the domain being queried.
>> 
>> So, again, what problem would be solved?
>> 
> In that case, I think the goal would be to prevent aggregate measurements, 
> rather than individual data.

Moving the goalposts.

So you’re saying that we all need to go spend some non-negative number, which, 
for us, is 3x-5x as much, in order that third parties should not know the 
relative volume of recursor cache-misses with respect to different TLDs?

Why is this something I would want to spend my money to achieve, when there are 
problems that aren’t hypothetical, and for which there are real live 
constituents, on which I could spend the money instead?

                                -Bill

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy