On Mon, May 18, 2015 at 6:51 AM, Christian Grothoff <[email protected]> wrote:
> On 05/15/2015 01:35 PM, Phillip Hallam-Baker wrote:
> > Any DNSvNext protocol MUST work in 100% of network situations where
> > DNS works or else it has 0% of being adopted.
>
> Dear Phillip,
>
> Can I hold you to this statement with respect to this network situation
> where DNS "works": http://code.kryo.se/iodine/

I did support exactly that in the original design but I took it out.

> (This is my favorite example for a DNS application that cannot be
> supported by the GNU Name System, I didn't consider it important, but
> clearly you seem to set the bar higher...)
>
> Also, how can we ever even know all network situations where "DNS works"?
>
> Isn't your bar saying: "do not touch the system in any way ever"?

No. If you have a negotiation layer in between that allows the client and service to negotiate additional transports, you can address even these corner cases.

One reason I took them out is that a combination of UDP transport plus WebService transport is sufficient to make PrivateDNS work in any network situation where the Web works.

The other is that the only use case for that particular application is bypassing controls using steganographic approaches and I don't want to talk about anything of that nature in this forum because standardizing steganography is a contradiction in terms.

If you are doing IPv4 over DNS tunneling then you would need to specify this as your additional transport.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
