All,
Thanks for a productive set of exchanges on the user perspective
last week! I would like the focus for this week (10/1-10/7) to be on
clarifying the requirements from the perspective of the recursive
resolver operator. So far, I have seen:
* DNS transaction privacy w/o authentication
*
On 25 Jul 2018, at 18:07, Paul Wouters wrote:
On Jul 25, 2018, at 12:37, Paul Hoffman
wrote:
Some resolver operators have recently spoken of a new use case:
giving assurance of results in unsigned zones, and assurance of child
NS and glue records in signed zones. This use case is not
> On Jul 25, 2018, at 12:37, Paul Hoffman wrote:
> Some resolver operators have recently spoken of a new use case: giving
> assurance of results in unsigned zones, and assurance of child NS and glue
> records in signed zones. This use case is not about privacy.
That should not be
Some resolver operators care about their customers' general privacy. In
such a case, they would want to prevent passive snooping of
communications between the resolver and authoritative servers.
Preventing passive snooping would require encryption, but does not
require authentication.
Some
This thread is for discussion of the recursive resolver operator
perspective of DNS privacy between the recursive resolver and
authoritative servers.
- Focus on *what* is needed.
- Avoid *how* to achieve it.
- Consider both ends of DNS the exchange.
- Scenarios will frame the
This thread is for discussion of the recursive resolver operator
perspective of DNS privacy between the recursive resolver and
authoritative servers.
- Focus on *what* is needed.
- Avoid *how* to achieve it.
- Consider both ends of DNS the exchange.
- Scenarios will frame the