FWIW, it would be useful if these issues were documented in the draft, e.g., in the IANA considerations section.
Joe

On 8/17/2015 6:16 PM, Mark Andrews wrote:
> In message <[email protected]>, "Wessels, Duane" writes:
>>> On Aug 17, 2015, at 6:42 AM, Warren Kumari <[email protected]> wrote:
>>>
>>> On Tue, Aug 11, 2015 at 2:00 PM, Joe Touch <[email protected]> wrote:
>>>>
>>>> Hi, Warren,
>>>>
>>>> It might be useful to summarize on this list the rationale for this
>>>> allocation and the plan for its use.
>>>>
>>>> In particular:
>>>>
>>>> - why port 53 is not sufficient using STARTTLS
>>>>
>>>
>>> - The WG decided that using a new port instead of a STARTTLS or
>>> octet-matching would better suit our operational goals.
>>> We had significant discussions on this, and we have concerns about
>>> things like middle boxes reacting to non-DNS on 53.
>>
>> Additionally:
>>
>> - A separate port avoids the 1xRTT incurred by STARTTLS negotiation.
>>
>> - DNS-over-DTLS can't use STARTTLS (at least not as currently described), although
>> it does claim that it can run on port 53. That relies on an unaware server
>> mis-interpreting a DTLS ClientHello message as a DNS message with Opcode=15. That,
>> in turn, takes Opcode 15 off the table for future allocation, etc.
>>
>>
>> DW
>
> More correctly DTLS traffic is DNS reply traffic (QR=1) which is
> why there is no response from DNS servers. The traffic is processed
> as a broken unexpected reply.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
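The Opcode=15 / QR=1 observation in the quoted exchange follows directly from byte layout: a DTLS record starts with ContentType 22 (0x16) and the version bytes 0xFEFF (DTLS 1.0) or 0xFEFD (DTLS 1.2), so a DNS/UDP server that reads the same datagram as a DNS message sees ID=0x16FE and a flags word of 0xFF00 or 0xFD00. The script below is an added example, not code from the thread or from any DNS or DTLS implementation; the DTLS header values (handshake record, epoch 0, sequence 0, length 0xC0) and the server decision order in `server_disposition` are assumptions chosen for illustration.

```python
import struct

# Added example: decode a constructed DTLS record header the way an unaware
# DNS/UDP server on port 53 would, i.e. as a 12-byte DNS header (RFC 1035 4.1.1).

def dtls_record_header(version=0xFEFD, epoch=0, seq=0, length=0x00C0):
    """Constructed DTLS record-layer header (RFC 6347 sec. 4.1):
    ContentType(1) ProtocolVersion(2) epoch(2) sequence_number(6) length(2).
    Defaults are an assumption: a handshake record (type 22) carrying a
    DTLS 1.2 ClientHello in the first flight."""
    return (struct.pack("!BHH", 22, version, epoch)
            + seq.to_bytes(6, "big")
            + struct.pack("!H", length))


def parse_dns_header(msg):
    """Read the first 12 bytes of a UDP payload as a DNS header."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def server_disposition(msg):
    """Simplified model (an assumption, not any particular server's code) of
    what a DNS/UDP server does with an inbound datagram: an unsolicited reply
    (QR=1) is dropped silently before the opcode is ever looked at, which is
    why a DTLS ClientHello on port 53 gets no answer at all."""
    if len(msg) < 12:
        return "drop: short message"
    h = parse_dns_header(msg)
    if h["qr"] == 1:
        return "drop: unexpected reply (QR=1)"
    if h["opcode"] not in (0, 1, 2, 4, 5):   # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
        return "reply: NOTIMP (opcode %d)" % h["opcode"]
    return "process: query"


if __name__ == "__main__":
    for ver, name in ((0xFEFF, "DTLS 1.0"), (0xFEFD, "DTLS 1.2")):
        hdr = dtls_record_header(version=ver)
        h = parse_dns_header(hdr)
        print(f"{name} ClientHello seen as DNS: id=0x{h['id']:04x} QR={h['qr']} "
              f"opcode={h['opcode']} AA={h['aa']} TC={h['tc']} RD={h['rd']} "
              f"-> {server_disposition(hdr)}")
```

Both DTLS versions decode with QR=1 and Opcode=15 (the 0xF high nibble of the second version byte), so the message is classified as a malformed reply rather than a query; the Opcode 15 point and the "no response" point in the thread are two views of the same four bytes.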
