On Sun, Mar 09, 2014 at 11:28:18AM +0100,
Florian Weimer <[email protected]> wrote
a message of 20 lines which said:

> In most jurisdictions, home networks use recursive resolvers whose
> operators are required by law to provide cleartext copies to local
> authorities.

This (and other similar privacy-invasive cases) is precisely why we
need to improve DNS privacy.

> Encryption won't change that.

As mentioned in draft-bortzmeyer-dnsop-privacy-sol, encryption is
_one_ solution, it is not _the_ solution. At least two other
techniques can complement encryption, QNAME minimization and a caching
resolver on your own machine (possibly forwarding to the IAP's
resolvers).

> If it is about securing broadcast media, just run IPsec between the
> CPE and the first ISP router with trusted ARP and routing tables.

If it were so simple ("just run"), why isn't it pervasive?