On Apr 19, 2015, at 5:19 AM, Ralf Weber <d...@fl1ger.de> wrote:
>
> On Fri, Apr 17, 2015 at 03:48:59PM -0700, manning wrote:
>> exercising line item veto…
>>
>> I think #3 is ready to proceed. The other two suggest fundamental
>> changes to the DNS which need more thought.
> I disagree. Switching DNS from 0.001% of queries over TCP to 100% is
> IMHO a far greater change to DNS than the other proposals. I think
> we don't know enough yet to advance just one proposal.

Just to clarify: draft-hzhwm-dprive-start-tls-for-dns does not propose to switch 100% of DNS to TCP. It only proposes switching the traffic between stubs and recursives that agree to the new TCP-based protocol. If a recursive doesn't want to do TLS, it simply doesn't advertise that it is willing to do so, in the same way that in the other proposals, if the recursive doesn't want to encrypt, it simply doesn't advertise that.

--Paul Hoffman