On 8/13/2015 11:13 AM, Paul Wouters wrote:
> On Thu, 13 Aug 2015, Joe Touch wrote:
>
>> Joe Abley reminded me off-list that the service name for DNS is
>> "domain", so my suggestion for the name for this new assignment would
>> then be "domain-s".
>
> Why? Just let the "domain" reference die please, don't build on it.
There are a few reasons to build on "domain":
- the current name is "domain", so if you want to
associate this with the same service but add security,
it's much more obvious to call it "domain-s"
- the use of multiple service names for the same port
is recommended against (RFC 6335), so it's no longer
possible to assign both "domain-s" and "dns-s"
I.e., if you move to "dns-s" you're creating a distinct name for a
service that really isn't new -- it's just a secure alternate of an
existing service.
As to "dnstls", it might be convenient to speak out loud but it breaks
with current service name recommendations in several ways (new base
name, using the -tls suffix rather than -s), and I don't see a good
reason for this service to blaze a new trail compared to other service
assignments.
Besides, IMO, "domain-s" ought to suffice for any secure version,
including future ones that might use a different security mechanism than
TLS.
Joe
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
