On Tue, 24 Sep 2013, Karl Malbrain wrote:
> To obviate the harvesting of meta-data, we do need a secure interface to DNS.

It might help, but giving people URLs that will trigger DNS requests for tracking is pretty easy. Only something like Tor might safeguard against that.

> Given the reluctance of browser writers to implement DANE, we're going to need something like encrypted QUIC available as a transport first.

There will be DANE in browsers, once we ensure it is cheap enough on high latency devices. E.g., see
http://tools.ietf.org/html/draft-wouters-edns-tcp-chain-query-00

It's easy to add anonymous IPsec to open resolvers (and I'm in the process of doing so) but hiding DNS queries involves a lot more than just encrypting queries.

Paul
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
