> -----Original Message-----
> From: Paul Wouters <[email protected]>
> Sent: Monday, August 16, 2021 1:05 PM
> To: Hollenbeck, Scott <[email protected]>
> Cc: [email protected]; [email protected]
> Subject: [EXTERNAL] Re: [dns-privacy] [Ext] Security Considerations: Traffic Analysis
>
> On Aug 16, 2021, at 12:43, Hollenbeck, Scott <[email protected]> wrote:
> >
> >> Neither of the proposed protocols have any way for an end user to
> >> know what part of the recursive-to-authoritative traffic used to
> >> answer their query (if any) was encrypted.
> >
> > [SAH] It's not just about end users. Operators who implement and
> > deploy this technology need to understand its limitations
>
> What would a recursive DNS server do differently if the encrypted connection
> might be reduced to plaintext? Its only options are “keep using it” or
> “fall back to clear text”

[SAH] They can employ data minimization techniques to reduce the amount of information sent to the authoritative server. They can pad the payloads.

Scott
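
The two mitigations named in the reply above, sketched as an added example that is not part of the original thread: it sends only the labels each delegation step needs and pads queries with the EDNS(0) Padding option (RFC 7830) to the 128-octet block that RFC 8467 recommends for queries. The function names, the sample names, the 1232-octet UDP size and the one-zone-cut-per-label simplification are assumptions made for illustration.

```python
import struct

PAD_OPTION = 12     # EDNS(0) Padding option code (RFC 7830)
QUERY_BLOCK = 128   # query block length recommended by RFC 8467

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def minimized_qnames(name):
    """Simplified QNAME minimisation: reveal one more label per delegation step.
    Assumes a zone cut at every label; a real resolver uses the cuts it has cached."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]

def build_query(name, qtype=1, pad_block=None):
    """Build a DNS query carrying an OPT record, padded to a multiple of pad_block."""
    # id 0 (constructed), RD clear as in resolver-to-authoritative queries,
    # one question, one additional record (the OPT RR)
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN
    rdata = b""
    if pad_block:
        # 11 octets of fixed OPT fields plus 4 octets of option code and length
        unpadded = len(header) + len(question) + 11 + 4
        pad_len = -unpadded % pad_block
        rdata = struct.pack("!HH", PAD_OPTION, pad_len) + b"\x00" * pad_len
    # OPT RR: root owner name, TYPE 41, CLASS = UDP payload size, TTL = flags, RDLEN
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(rdata)) + rdata
    return header + question + opt

if __name__ == "__main__":
    for qname in ("a.example", "a-much-longer-host-name.example"):   # constructed names
        plain = build_query(qname)
        padded = build_query(qname, pad_block=QUERY_BLOCK)
        print(f"{qname}: {len(plain)} octets unpadded, {len(padded)} padded")
    print(minimized_qnames("www.internal.example.com"))
```

Padding hides the query length from an on-path observer only when the channel is encrypted; minimisation limits what each authoritative server learns whether or not encryption holds.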
