> Which is one of the reasons why I have been rather suspicious of the
> 'just use DTLS' approach. Building on DTLS means importing all the
> current and future complexity of TLS.
> 
> That seems rather a lot of overhead when all we need to do at the DNS
> layer is to take a message M, encrypt it under a key and plonk a MAC
> code on the end.
> 

What about “Just use QUIC”? It might have a better future with DNS than DTLS.


> 
> I know that the counter argument is that 'TLS is a known quantity, 20
> years have gone into development'. But like the argument that 'open
> source is better because anyone can review', we are seeing that it's not
> necessarily true. Code can get worse over time as well as better.


Open source is still better because anyone can review. But code gets worse with
time, either closed or open source, unlike wine.


Rubens

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy