> -----Original Message----- > From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Evan Hunt > Sent: Thursday, March 06, 2014 6:32 PM > To: Stephane Bortzmeyer > Cc: Tony Finch; dnsop@ietf.org > Subject: Re: [DNSOP] my dnse vision > > On Thu, Mar 06, 2014 at 02:50:20PM +0000, Stephane Bortzmeyer wrote: > > The only place where server authentication could be useful is between > > a stub and the first resolver. > > I think that's exactly the point that was under discussion, though: > How can people who don't want their DNS traffic snooped and analyzed, but > have decided for some reason to use 8.8.8.8 anyway, be sure they're talking > to the "real" 8.8.8.8? :) > > --
This is actually addressed in CGA-TSIG draft (a secure authentication) and also confidentiality _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
