Seems we have a greatly enlarged problem domain than that we're on about with RDS. Here are a few things that caught my eye in the DNS Privacy Problem Statement by S. Bortzmeyer (AFNIC maeven] to the IETF Network Working Group: 1. Apropos, DNSSEC and confidentiality of the DNS messaging: *"(DNSSEC, specified in RFC4033] explicitely excludes confidentiality from its goals.) So, if an initiator starts a HTTPS communication with a recipient, while the HTTP traffic will be encrypted, the DNS exchange prior to it won’t be."* 2. Apropos, surveillance: *"The best place, from an eavesdropper’s point of view, is clearly between the stub resolvers and the resolvers, because you are not limited by DNS caching."* Per #1, I simply didn't realize this was the case! Per #2, I long figured that were I in the surveillance business, parking on the highway joining the requestor and nameserver with my ears open is the optimal point to get all the metadata one could ever hope. As the writer notes, they are "*not in the communication path but are enablers*". Individual targeting -meaning direct access - can be arranged by one or other means from the info presented by metadata. Thanks to Michele for sharing. See it all here: http://tools.ietf.org/pdf/draft-bortzmeyer-perpass-dns-privacy-00.pdf - Carlton =============== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================