Alex Bligh wrote:

> --On 06 June 2004 17:08 +0000 Paul Vixie wrote:
>> i agree that transaction secrecy is orthogonal to zone confidentiality,
>> but both are part of the general field of "things dnssec doesn't do" and
>> i expect that a proper field survey will turn up *both* as requirements
>> for -TER.
>> if privacy can be handled with tls or ipsec then so be it -- but for now,
>> my goal is to "get everybody's concerns out onto the table." for -TER,
>> "opt-in" might come back for another round of debate.

> I agree we should do a proper survey etc., and I am not suggesting
> your question was not worth asking. We should indeed get everyone's
> concerns on the table.
> However, I think we should draw a distinction between "requirements"
> in the general sense, and "requirements for -ter", for at least 2
> reasons:
> 1. Some requirements can be, should be, and/or are already addressed
> by things other than -ter. For instance TLS. The wonders of layered
> protocols mean we don't have to reinvent the wheel.

It isn't quite that easy - TLS is a TCP protocol, so moving to it would
prohibit the use of UDP in DNS. There isn't (yet) a UDP equivalent.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

