On Tue, 10 Jul 2018, Philip Homburg wrote:
For example www.example.com pushes you a AAAA record for img1.example.com.
Should you use it? What if it is for img1.img-example.com? Does the
relationship between these domains matter? What kind of relationship (i.e.
it could be a domain relationship, or in the context of a browser it might
be a first-party tab-like relationship, etc.)? What are the implications
of poison? Trackers? Privacy of requests never made? Speed? Competitive
shenanigans or DoS attacks?
This was out of scope for DoH.
I'm also confused about what the scope is. If you connect over TLS to a
site and it has links to other hostnames, I guess you trust it? The
TLS/trust mechanism has really no other way of certifying the content
server over TLS, unless you want to do object/webpage signing. Which is
impossible in today's dynamic web state.
Are you trying to re-invent DNSSEC for people who don't want to deploy
DNSSEC?
It seems more like an extension of the Public Suffix. Which domains can
make claims about other domains.
I'm not sure I see the connection with private DNS queries.
Paul