On Tue, 24 Sep 2013, Karl Malbrain wrote:
>> To obviate the harvesting of meta-data, we do need a secure interface to DNS.
>It might help but giving people urls that will trigger dns requests for
>tracking is pretty easy. Only something like tor might safeguard against
>that.
I'm not following you here. Can you elaborate on the threat? I was referring
to passive monitoring of DNS traffic by third parties who want to know what
domains you are visiting.
>> Given the reluctance of browser writers to implement DANE, we're going to
>> need something like encrypted >>QUIC available as a transport
>> first.
>There will be dane in browsers, once we ensure it is cheap
>enough on high latency devices. Eg see
>http://tools.ietf.org/html/draft-wouters-edns-tcp-chain-query-00
>It's easy to add anonymous IPsec to open resolvers (and I'm in the
>process od doing so) but hiding DNS queries involves a lot more than
>just encrypting queries.
>Paul
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
