[dns-privacy] A different way to look at the problem

2015-02-19 Thread Phillip Hallam-Baker
DNS privacy requires us to make two changes to the DNS protocol. 1) The resolver is acknowledged as being a trusted service 2) Some form of crypto is added between the transport and application layer in the client-resolver protocol. So far we seem to have focused on the second issue. But that is

Re: [dns-privacy] A different way to look at the problem

2015-02-19 Thread Hosnieh Rafiee
Question: Is anyone proposing that we can achieve DNS privacy while maintaining the current practice of the client defaulting to the DNS server advertised in DHCP? Yes, cga-tsig *might* be an option but for DHCP security, it is dependent on SAVI-DHCP or any monitoring mechanism in the

Re: [dns-privacy] A different way to look at the problem

2015-02-19 Thread Phillip Hallam-Baker
On Thu, Feb 19, 2015 at 1:21 PM, Ted Hardie ted.i...@gmail.com wrote: Howdy, On Thu, Feb 19, 2015 at 7:20 AM, Phillip Hallam-Baker ph...@hallambaker.com wrote: DNS privacy requires us to make two changes to the DNS protocol. I'm a little confused as to why this isn't on DPRIVE, but