On Thu, Apr 23, 2015 at 4:21 PM, Dan Wing <[email protected]> wrote:
> I am not an expert on DTLS but that was the concern that made me avoid using
> it. I want a completely stateless resolver, not just UDP.
>
> That means using either a very fast ECC scheme for authentication or some
> sort of Kerberos ticket.
>
>
> I believe "Transport Layer Security (TLS) Session Resumption without
> Server-Side State", https://tools.ietf.org/html/rfc5077 solves that problem.
> It works with TLS and with DTLS.

That is an option in DTLS. For a DTLS-based scheme to be acceptable, client support has to be mandatory. If we do that, I have no problem with the additional overhead. The question then is whether we can profile DTLS without in effect requiring a new implementation library.
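The stateless resumption idea referred to above (RFC 5077), as an added sketch that is not part of the original message or of any DTLS library: the server seals the session state into a ticket that the client stores and presents later, so the server keeps only a ticket key. The names `TicketKey`, `Seal` and `Open` are hypothetical, and AES-128-GCM is used here in place of the AES-CBC plus HMAC-SHA-256 construction the RFC recommends; the ticket is opaque to the client, so the server is free to choose its format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// TicketKey is all the server keeps: no per-client session table.
type TicketKey struct {
	Name   [16]byte // key_name, sent in clear so the server can find the key after rotation
	Secret [16]byte // AES-128 key, known only to the server
}

func (k *TicketKey) aead() cipher.AEAD {
	block, _ := aes.NewCipher(k.Secret[:]) // cannot fail: key is always 16 bytes
	g, _ := cipher.NewGCM(block)           // cannot fail for an AES block
	return g
}

// Seal returns key_name || nonce || ciphertext+tag for the client to store.
func (k *TicketKey) Seal(state []byte) ([]byte, error) {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	hdr := append(k.Name[:16:16], nonce...)
	return k.aead().Seal(hdr, nonce, state, k.Name[:]), nil
}

// Open authenticates and decrypts a ticket; any error means a full handshake.
func (k *TicketKey) Open(t []byte) ([]byte, error) {
	if len(t) < 28 || !bytes.Equal(t[:16], k.Name[:]) {
		return nil, errors.New("unknown ticket key")
	}
	return k.aead().Open(nil, t[16:28], t[28:], t[:16])
}

func main() {
	k := &TicketKey{Name: [16]byte{1}, Secret: [16]byte{2}} // constructed demo key
	t, _ := k.Seal([]byte("constructed session state"))
	s, err := k.Open(t)
	fmt.Printf("%d-byte ticket -> %q, err=%v\n", len(t), s, err)
}
```

A ticket that fails `Open` costs the server nothing to reject, but the scheme only removes server state if every client stores and returns the ticket, which is why client support would have to be mandatory.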
