[liberationtech] RFC: comments on discovery mechanisms
Jacob Appelbaum
jacob at appelbaum.net
Fri Dec 3 12:00:41 PST 2010
On 12/03/2010 02:48 PM, David-Sarah Hopwood wrote:
> DNSSEC might prevent forgery, but cannot prevent blocking.
>
This is my major point of frustration with DNSSEC. It is easy to provide
query privacy for clients and some important DNSSEC people don't
understand why this is important.
My attempts to discuss this with DNSSEC people usually ends in
frustration. They see no point in privacy for a user's queries if they
intend to directly connect to the site. Of course if the site has TLS,
the game changes and DNSSEC becomes the weakest privacy link.
Frustrating!
All the best,
Jacob
More information about the liberationtech
mailing list