red wrote:

> For NL it was b) and only b), and it was also recognised that,
> indeed, it is a whois and not a DNS problem.

(where "b)" was non-enumeration.)

non-enumeration as a baseline for what confidentiality means is instructive.
the folks i've spoken to who care about this characterize it as "if you know
the domain name exists you should be able to retrieve data about it, else not."
and when faced with the "rrtype" question, they universally amend it to say
"and if you know what rrtypes exist you should be able to ask for rdata, else

so, confidentiality doesn't have to mean "if you know something that only a
friend or customer or supplier would normally know then you can retrieve
data about this domain, else not".

but it probably would mean "if you're not the initiator but you happen to be
able to monitor the transaction in flight, you should not learn any names or
data". this is the second tricky part after non-enumerability, and seems to
imply a full DH preauth between each initiator/responder pair. yow!
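The two properties the post separates can be modelled directly: a lookup that returns rdata only when the initiator already knows both the name and the rrtype (non-enumeration), and a per-pair Diffie-Hellman agreement so that an on-path observer of the transaction sees neither names nor data. The Python below is an added example written for this page, not code from the thread, from any registry, or from any DNS/whois implementation. The sample registry, the tiny DH group and the HMAC-based XOR keystream are constructed for illustration only and do not form a secure protocol.

```python
"""Toy model of the two confidentiality properties discussed in the post:
non-enumerable lookup and a per-pair DH preauth that hides the transaction
from an on-path observer. Added example; constructed parameters, not secure."""
import hashlib
import hmac
import secrets

# Constructed sample registry: name -> rrtype -> rdata.
REGISTRY = {
    "example.nl": {"A": "192.0.2.1", "MX": "mail.example.nl."},
    "other.nl": {"A": "192.0.2.7"},
}


def neighbour_denial(registry, name):
    """Enumerable denial (what non-enumeration forbids): the negative answer
    names the existing entries on either side of the query, so a querier can
    walk the whole registry with a handful of probes."""
    names = sorted(registry)
    before = [n for n in names if n < name]
    after = [n for n in names if n > name]
    return (before[-1] if before else None, after[0] if after else None)


def lookup(registry, name, rrtype):
    """Non-enumeration rule as stated in the post: answer only when the
    initiator already knows the name and the rrtype. Design choice in this
    example (not a claim from the post): an unknown name and an unknown
    rrtype get the same bare negative, so rrtype probing cannot confirm
    that a name exists."""
    return registry.get(name.lower().rstrip("."), {}).get(rrtype.upper())


# Toy DH group: constructed and far too small to be secure; it only models
# the exchange. Any generator yields equal shared secrets on both sides.
P = 2**127 - 1
G = 5


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: confidentiality only, no integrity.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    nonce = secrets.token_bytes(12)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def unseal(key, blob):
    nonce, ct = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def run_transaction(name, rrtype, registry=REGISTRY):
    """One initiator/responder exchange. Returns (answer, wire), where wire is
    the list of byte strings an on-path observer would see."""
    wire = []
    i_priv, i_pub = dh_keypair()            # initiator
    r_priv, r_pub = dh_keypair()            # responder
    wire.append(i_pub.to_bytes(16, "big"))  # preauth: only public values cross the wire
    wire.append(r_pub.to_bytes(16, "big"))
    i_key = dh_shared_key(i_priv, r_pub)
    r_key = dh_shared_key(r_priv, i_pub)
    query = seal(i_key, f"{name} {rrtype}".encode())
    wire.append(query)
    qname, qtype = unseal(r_key, query).decode().split(" ", 1)
    rdata = lookup(registry, qname, qtype)
    reply = seal(r_key, (rdata or "").encode())
    wire.append(reply)
    answer = unseal(i_key, reply).decode()
    return (answer or None), wire


def observer_learns(wire, needle):
    """Does the plaintext string appear anywhere in the observed bytes?"""
    return any(needle.encode() in msg for msg in wire)
```

The contrast between `neighbour_denial` and `lookup` is the non-enumeration point: a negative answer that names adjacent entries is enough to walk the registry, while a bare negative gives the querier nothing beyond "not for you". The cost the post flags is visible in `run_transaction`: every initiator/responder pair performs a key agreement before a single query is sent, which is the "full DH preauth" remark in concrete form.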

