diff --git a/bip-XXXX.mediawiki b/bip-XXXX.mediawiki index 1c91a1d4a4..e128029771 100644 --- a/bip-XXXX.mediawiki +++ b/bip-XXXX.mediawiki @@ -77,6 +77,10 @@ However, for the best privacy, payers are encouraged to perform DNS resolution o Lightning payers should consider utilizing DNS resolution over native onion messages, using the protocol described in [[BLIP 32|https://github.com/lightning/blips/blob/master/blip-0032.md]] +=== DNS Enumeration === + +In most cases where payments are accepted from any third-party, user enumeration is practical by simply attempting to send small value payments to a list of possible user names. However, storing all valid users in the DNS directly may make such enumeration marginally more practical. Thus, those wishing to avoid such enumeration should carefully ensure all DNS names return valid payment instructions. Note when doing so that wildcard records are identified as such by the DNSSEC RRSIG labels counter and are differentiable from non-wildcard records. + == Examples == `matt@mattcorallo.com` resolves to
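Review bot: The last sentence of the new "DNS Enumeration" paragraph warns that wildcard records are distinguishable through the RRSIG labels counter but does not say what an operator should do about it, so the preceding advice to "carefully ensure all DNS names return valid payment instructions" is not actionable as written. Suggest stating the consequence directly: because a wildcard answer is differentiable from a non-wildcard one, it shows which names lack a record of their own, so an operator who wants to resist enumeration needs to answer every queried name with a non-wildcard, individually signed record. It would also help to say which names "all DNS names" is meant to cover, and to give the reason storing valid users in the DNS makes enumeration "marginally more practical", since the paragraph asserts this without naming the mechanism. Minor wording: "any third-party" should read "any third party", and "small value payments" should read "small-value payments".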