vjs at rhyolite.com
Fri May 31 16:15:03 UTC 2013
> Yes, except that DNS-over-TCP helps reduce the risk of MITM, which
> is a perceived channel-validation benefit of DNSSEC.
How does DNS/TCP reduce MITM risks enough to talk about? How is
DNS/TCP a problem for governments and other bad actors? 25 years
ago I naively assumed that "transparent" and "translucent" proxies
for popular TCP-based protocols were not practical at scale. Then
AOL started proxying port 25 and now everyone has man-in-the-middle
proxies for all kinds of TCP applications including some that are
ostensibly protected with TLS.
Vernon Schryver vjs at rhyolite.com
More information about the dns-operations