> Indeed. Confidentiality is a nebulous word. That might include anything
> up to and including:
> * Ensuring no one with access to the wire between server and resolver
> can infer anything about either the names resolved, or the results of
> that resolution
> * Ditto with respect to those with the ability to snoop caching
> nameservers
> * Requirements for clients themselves to authenticate before being
> given confidential data


yup...

> I think Paul dropped the confidentiality suggestion in as a possibility.
> I don't think anyone has yet argued for it, and if they do, I think
> it's a mostly orthogonal requirement to the enumerability problem
> (certainly the above type of requirements are not something Nominet is
> looking for to my knowledge).


may or may not have been Paul (which one?) but it
is certainly called out in the DNS threat model RFC.
And Geoff did indicate that Nominet has received legal
advice that confidentiality is required. Rock/hardPlace.


> Alex


--bill
