> On Apr 15, 2015, at 9:08 AM, Warren Kumari <[email protected]> wrote:
>
> Hi all,
>
> So, the big day has finally arrived -- we are initiating calls for
> adoption on the three documents. < http://i.imgur.com/SKX3P8J.gif >
>
> For *each* of the below documents, please **clearly** state if you
> would like DPRIVE to adopt it, or if you think that it will be a
> distraction / not helpful.
>
> 1) Confidential DNS:
> https://datatracker.ietf.org/doc/draft-wijngaards-dnsop-confidentialdns/
>
> 2) Private-DNS: https://datatracker.ietf.org/doc/draft-hallambaker-privatedns/
>
> 3) TLS for DNS: Initiation and Performance Considerations:
> http://datatracker.ietf.org/doc/draft-hzhwm-dprive-start-tls-for-dns/
I like #3 with the caveat that support for DTLS is added for UDP. I think having a dedicated port (already included in the draft) for TLS/DTLS is beneficial to speed up the initial connection. A STARTTLS mechanism is necessary but hopefully will become less used over time.

The benefit of this approach is that it happens apart from the DNS query/response code, which does not need to change. Another advantage is that TLS security can improve over time apart from DNS, but DNS can gain the benefits without having to roll out new DNS code, only the TLS libraries that are used by multiple protocols (HTTPS, IMAPS, etc).

Thanks,
Tom
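The point Tom makes about the query/response code staying untouched can be shown concretely. The following is an added example, not code from the thread, the draft, or any DPRIVE implementation: it builds a DNS query in RFC 1035 wire format, applies the 2-byte length framing that DNS already uses over TCP, and then runs the identical exchange routine over either a plain TCP socket or a TLS-wrapped one. The only difference between the two paths is the socket object. The dedicated TLS port 853 used here is an assumption relative to the 2015 draft (it is the port later assigned by RFC 7858); the two `query_over_*` functions need network access and are not exercised offline, while the encoding, framing and header parsing are self-contained.

```python
"""
Added example (not from the mailing-list thread): the same DNS message
builder and stream framing serve both plain TCP and TLS. Port 853 is an
assumption here; the draft under discussion only says "a dedicated port".
"""
import socket
import ssl
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending with the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS label length must be 1..63 bytes")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Build a one-question query with RD (recursion desired) set; flags = 0x0100."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte big-endian length (RFC 1035 4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for stream framing")
    return struct.pack("!H", len(msg)) + msg


def unframe(stream: bytes) -> list:
    """Split a byte stream into complete DNS messages; an incomplete tail is left out."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + length > len(stream):
            break
        msgs.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return msgs


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into the fields a client checks first."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an}


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf


def exchange(sock, query: bytes) -> bytes:
    """Send one framed query, read one framed response. Works on any stream socket."""
    sock.sendall(frame(query))
    (length,) = struct.unpack("!H", _recv_exact(sock, 2))
    return _recv_exact(sock, length)


def query_over_tcp(server: str, name: str, port: int = 53) -> dict:
    """Classic DNS over TCP (requires network access)."""
    with socket.create_connection((server, port), timeout=5) as raw:
        return parse_header(exchange(raw, build_query(name)))


def query_over_tls(server: str, name: str, port: int = 853, hostname: str = None) -> dict:
    """Same exchange(); only the socket is wrapped in TLS with certificate validation."""
    ctx = ssl.create_default_context()  # verifies the server cert and hostname
    with socket.create_connection((server, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname or server) as tls:
            return parse_header(exchange(tls, build_query(name)))
```

`exchange()` never knows which transport it is on, which is exactly the separation Tom describes: upgrading the TLS library or its configuration changes nothing in the DNS code path. Note that `create_default_context()` validates the server certificate; a resolver that presents a certificate for a name other than the one passed as `hostname` will cause the handshake to fail rather than silently downgrade.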
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
