On Wed, Jul 07, 2021 at 01:54:37PM -0400, Warren Kumari wrote:
> Viktor is suggesting that QNAME Minimization should be stopped when
> you run into an underscore ("_") label, instead of this being worded
> as a potential, optional mechanism.
>
> Obviously there is a tradeoff here -- privacy vs deployment.
> 1: while it's **possible** that there is a delegation point at the
> underscore label, (IMO) it is unlikely. If there is no delegation, you
> will simply be coming back to the same server again and again, and so
> you are not leaking privacy sensitive information.
>
> 2: some recursives are less likely to enable QNAME minimization
> because of the non-zero ENT and slight performance issues.
>
> What does the WG think? Does the privacy win of getting this deployed
> and enabled sooner outweigh the potential small leak if there *is* a
> delegation inside the _ territory of the name?
>
> Should the advice above be strengthened to SHOULD / RECOMMENDED?
Thanks, Indeed I'm arguing for RECOMMENDED (synonymous with SHOULD IIRC,
but sounds less intrasigent).
--
Viktor.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
