On 1/22/21 3:10 AM, Tom Pusateri wrote:
Would it be ok to allow DNSSEC signed responses from any server? If they’re signed and verified, does it matter how you got them?
Another missing part is privacy, i.e. even if you get exactly the same answers, it doesn't imply you get similar (privacy) properties.
By the way, the add WG is now trying hard to define what it means for two resolver services to be "equivalent" - at least for the purpose of being OK to switch among them without user's consent.
--Vladimir _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
