Two options are presented for discovering an associated resolver:
1. enhance the discovery process for the resolver to provide secured options in parallel
2. ask the unsecured resolver for its opinion
The draft should discuss the consequences of this choice, particularly from the perspective of security. In the former, any exposure to attack is limited to the discovery method. However, the latter creates a new point that needs to be secured.
This doesn't mean that either is invalid: in many cases these reduce to network operators being able to decide who answers DNS queries, but there are operational differences between securing network configuration and securing DNS resolution that are relevant in some contexts. We at least need people to be aware of these differences.