I'm giving a talk on Weds at #ripe76 on our survey re: interest and concerns about DNS privacy. Want to make sure this isn't like DNSSEC all over again - if we build it, will operators deploy it? Or are we adding complexity that most operators would rather not have?
Not saying that these things are bad. Any security improvement is a good thing. But they don’t provide any privacy. Just authentication. Maybe once SNI encryption is a thing, we can talk. Right now, it’s wankery/marketing/ways to get funding.
-
-
Meanwhile, domain fronting is being killed by major operators. Including companies chanting “DNS privacy”.
-
Frank, Thanks for your comments. I don’t understand this last comment. Care to dm me and explain further?
- 1 more reply
New conversation -
-
-
Not to overstate the impact, but it does seem like QName minimization should have been the default, with hindsight. It feels like the least we can do to remedy that.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.