On 05 Mar 2014, at 14:12, Stephane Bortzmeyer <[email protected]> wrote:

> More generally, we need to decide whether we want a truly end-to-end
> solution (which would be very much at odds with the architecture of
> the DNS) or if we are happy to protect only the messages in transit,
> leaving the issues of spying by intermediate servers to other
> solutions (QNAME minimization, local caching resolvers…).

Perhaps there is a need to separate the problem into tractable chunks.
For the part of the problem about authenticating the recursive resolver (the 
fake 8.8.8.8 problem) we probably need a different solution than for the metadata 
snooping problem (who is asking for what).
Perhaps it might be the case there are already existing features that can be 
used to get what we need (e.g. SIG(0) for the recursive resolver, wild!) and, 
as Roy Arends was mentioning over a few drinks, onion-like routing to separate 
the who from the what in questions in an effective manner.
These could even be user-triggered on demand for certain traffic types (for 
instance as a consequence of turning on private browsing in a browser), so the 
overhead penalties are only incurred for the desired subset of traffic.

Joao

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop