> On Aug 17, 2015, at 6:42 AM, Warren Kumari <[email protected]> wrote:
>
> On Tue, Aug 11, 2015 at 2:00 PM, Joe Touch <[email protected]> wrote:
>>
>> Hi, Warren,
>>
>> It might be useful to summarize on this list the rationale for this
>> allocation and the plan for its use.
>>
>> In particular:
>>
>> - why port 53 is not sufficient using STARTTLS
>>
>
> - The WG decided that using a new port instead of a STARTTLS or
> octet-matching would better suit our operational goals.
> We had significant discussions on this, and we have concerns about
> things like middle boxes reacting to non-DNS on 53.
Additionally:

- A separate port avoids the 1xRTT incurred by STARTTLS negotiation.
- DNS-over-DTLS can't use STARTTLS (at least not as currently described), although it does claim that it can run on port 53. That relies on an unaware server mis-interpreting a DTLS ClientHello message as a DNS message with Opcode=15. That, in turn, takes Opcode 15 off the table for future allocation, etc.

DW
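Added illustration (not part of this thread) of the Opcode=15 point above: when the first bytes of a DTLS record are read with the DNS header layout, the low byte of the DTLS ProtocolVersion (0xFD for DTLS 1.2, 0xFF for DTLS 1.0) lands in the flags byte that carries the Opcode, and both decode to 15. The ClientHello prefix and the DNS query below are constructed samples; the field layouts follow RFC 6347 and RFC 1035, and `record_len` is a placeholder.

```python
import struct

DTLS_HANDSHAKE = 22        # DTLS ContentType for handshake records (RFC 6347)
DTLS_1_2 = 0xFEFD          # DTLS 1.2 ProtocolVersion; DTLS 1.0 is 0xFEFF


def dtls_clienthello_prefix(version=DTLS_1_2, record_len=0x40):
    """Constructed first 14 bytes of a DTLS ClientHello flight: the 13-byte
    record header (type, version, epoch=0, 48-bit seq=0, length) followed by
    HandshakeType=1 (client_hello). record_len is a placeholder value."""
    return struct.pack("!BHH6sHB", DTLS_HANDSHAKE, version, 0, b"\x00" * 6,
                       record_len, 1)


def dns_query(ident=0x1234, qname="example.com"):
    """Constructed ordinary DNS query: opcode 0, RD=1, one question (A/IN)."""
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_dns_header(buf):
    """Read buf the way a DTLS-unaware DNS server would: RFC 1035 header."""
    if len(buf) < 12:
        raise ValueError("need at least 12 bytes for a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    return {
        "id": ident,                      # DTLS: ContentType + version high byte
        "qr": flags >> 15,
        "opcode": (flags >> 11) & 0xF,    # DTLS: bits 6..3 of 0xFD/0xFF -> 15
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


if __name__ == "__main__":
    for label, msg in (("DTLS 1.2 ClientHello", dtls_clienthello_prefix()),
                       ("DTLS 1.0 ClientHello", dtls_clienthello_prefix(0xFEFF)),
                       ("plain DNS query", dns_query())):
        h = parse_dns_header(msg)
        print(f"{label:22s} id=0x{h['id']:04x} opcode={h['opcode']:2d} "
              f"qdcount={h['qdcount']}")
```

Because epoch and sequence number are zero in the first flight, the section counts also read as zero, so an unaware server sees an Opcode 15 message with no questions.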
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
