On Tue, 2 Oct 2012, Paul Vixie wrote:

One of the last resorts of dnssec-trigger is to use SSL port 443 for
DNSSEC. If that fails, it is unlikely that DANE (https, also SSL port
443) can work. Thus, logically, this service is very likely to provide
DNSSEC when DANE must have it.

has the ssl format been submitted as an internet-draft, or is this a
"private standard"?

This works less reliably than port 80 in my experience. Even hotspots
seem to detect this is different from real 443 traffic and drop it,
possibly various porn filter software and the like.

AFAIK, Wouter did not submit it as a draft, and (see previous email)
I would prefer to develop something that can do HTTP or HTTPS for
dnssec-chains. If we are making anything that does 1 query per TCP
connect, or worse, 1 query per TLS connection, it will just not work.

Paul
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs