ific about which clients we're talking about
-- not just which specific transport the DNS records arrive over.
--dkg
--
Daniel Kahn Gillmor
Senior Staff Technologist
Speech, Privacy, and Technology Project
American Civil Liberties Union
+1.212.284.7336
OpenPGP fingerprint: 0EE5BE979282
On Thu 2015-07-23 18:50:14 +0200, Alexander Mayrhofer wrote:
> I had a discussion with Daniel Kahn Gillmor today, and we talked about
> his proposal to specify a padding option in TLS so that message-size
> based correlation attacks on encrypted DNS packets could be
> prevented. We continued discu
On Thu 2015-07-02 16:20:30 -0400, Tom Ritter wrote:
> As an idea: some months ago dkg looked at hooking up unbound to an
> upstream resolver over TCP/TLS. It works, but it isn't ideal right
> now. Our findings:
>
> A) client and server together negotiate TLS 1.2 (that's good!)
>
> B) client does
[ not subscribed to dnsop, so this might not post to the list; please cc
me on replies ]
On Wed 2015-05-20 08:06:11 -0400, Tom Ritter wrote:
> On 5/19/15 5:18 PM, Suzanne Woolf wrote:
>> 4. It's been pointed out that the maintenance of the special use names
>> registry is complicated by the fa
Hi dnsops folks--
This is a minor thing, but something i'd like to see happen more often.
At the WG meeting in November of last year, there was a clear sense in
the room that everyone agreed (and maybe had for years?) that OpenSSH's
sshd should not be using reverse DNS lookups on client IP addres