Re: [dns-privacy] New draft on encrypting the stub-to-resolver link: draft-hoffman-dns-tls-stub-00.txt

Wes Hardaker <wjhns1@hardakers.net> Fri, 29 August 2014 12:26 UTC

From: Wes Hardaker <wjhns1@hardakers.net>
To: Mark Andrews <marka@isc.org>
References: <20140818175701.12317.96810.idtracker@ietfa.amsl.com> <FF99C324-2959-48EB-A187-18007F7AA364@vpnc.org> <814D0BFB77D95844A01CA29B44CBF8A7A27F3E@lhreml513-mbb.china.huawei.com> <alpine.LFD.2.10.1408191033210.19423@bofh.nohats.ca> <814D0BFB77D95844A01CA29B44CBF8A7A27FBE@lhreml513-mbb.china.huawei.com> <alpine.LFD.2.10.1408191159190.19423@bofh.nohats.ca> <814D0BFB77D95844A01CA29B44CBF8A7A280CF@lhreml513-mbb.china.huawei.com> <86mwb0e5pd.fsf@strotmann.de> <0l61hdogv2.fsf@wjh.hardakers.net> <20140828022601.E63EE1DA773E@rock.dv.isc.org>
Date: Fri, 29 Aug 2014 05:26:21 -0700
In-Reply-To: <20140828022601.E63EE1DA773E@rock.dv.isc.org> (Mark Andrews's message of "Thu, 28 Aug 2014 12:26:01 +1000")
Message-ID: <0l38cflbwy.fsf@wjh.hardakers.net>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/9s5rBipGfnAA6KlTX_plNRbOV2g
Cc: Carsten Strotmann <cas@strotmann.de>, Hosnieh Rafiee <hosnieh.rafiee@huawei.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Paul Wouters <paul@nohats.ca>, Wes Hardaker <wjhns1@hardakers.net>
Subject: Re: [dns-privacy] New draft on encrypting the stub-to-resolver link: draft-hoffman-dns-tls-stub-00.txt
Precedence: list

Mark Andrews <marka@isc.org> writes:

> Actually DNSSEC could give you the key of the resolver securely
> provided it has a public address.  Publish a KEY record signed in
> the DNS under in-addr.arpa or ip6.arpa.  If need to we define flag
> bits to say it is for this purpose.  For private addresses you need
> to have a trust anchor for the private part of the reverse tree or
> use leap of faith.

Yes, that's what I was saying...  I was just following it by "there are
a huge number of private-address resolvers in the real world".

-- 
Wes Hardaker
Parsons

[dns-privacy] New draft on encrypting the stub-to… Paul Hoffman
Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Joe Abley
Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Carsten Strotmann
Re: [dns-privacy] New draft on encrypting the stu… 神明達哉
Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Carsten Strotmann
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
Re: [dns-privacy] New draft on encrypting the stu… Stephane Bortzmeyer
Re: [dns-privacy] New draft on encrypting the stu… 神明達哉
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Jacob Appelbaum
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Paul Wouters
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Jacob Appelbaum
Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
[dns-privacy] draft-hoffman-dns-tls-stub-01 posted Paul Hoffman
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… David Ulevitch
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
Re: [dns-privacy] New draft on encrypting the stu… Wes Hardaker
[dns-privacy] Authenticating the resolver Paul Hoffman
Re: [dns-privacy] New draft on encrypting the stu… Mark Andrews
Re: [dns-privacy] New draft on encrypting the stu… Wes Hardaker
Re: [dns-privacy] Authenticating the resolver Wes Hardaker
Re: [dns-privacy] Authenticating the resolver Paul Hoffman
Re: [dns-privacy] New draft on encrypting the stu… John Heidemann
Re: [dns-privacy] New draft on encrypting the stu… Phillip Hallam-Baker