DNS is an application that runs on a single port between two hosts. In that environment, TLS is always a much more appropriate protection mechanism than IPsec for the numerous reasons PaulW gave.
We don't need to document this decision any more than we need to document every application's choice to use TLS.

--Paul Hoffman