Hi, Joe,

We authors of the TLS draft are in the process of a revision that includes just
this.  I'm told that the DTLS draft will be revised in the near term to
include port-based establishment as well.

Allison

On 8/18/15, 2:03 PM, "dns-privacy on behalf of Joe Touch"
<[email protected] on behalf of [email protected]> wrote:

>FWIW, it would be useful if these issues were documented in the draft,
>e.g., in the IANA considerations section.
>
>Joe
>
>On 8/17/2015 6:16 PM, Mark Andrews wrote:
>> In message <[email protected]>, "Wessels, Duane" writes:
>>>> On Aug 17, 2015, at 6:42 AM, Warren Kumari <[email protected]> wrote:
>>>>
>>>> On Tue, Aug 11, 2015 at 2:00 PM, Joe Touch <[email protected]> wrote:
>>>>>
>>>>> Hi, Warren,
>>>>>
>>>>> It might be useful to summarize on this list the rationale for this
>>>>> allocation and the plan for its use.
>>>>>
>>>>> In particular:
>>>>>
>>>>>        - why port 53 is not sufficient using STARTTLS
>>>>>
>>>>
>>>> - The WG decided that using a new port instead of a STARTTLS or
>>>> octet-matching would better suit our operational goals.
>>>> We had significant discussions on this, and we have concerns about
>>>> things like middle boxes reacting to non-DNS on 53.
>>>
>>> Additionally:
>>>
>>> - A separate port avoids the 1xRTT incurred by STARTTLS negotiation.
>>>
>>> - DNS-over-DTLS can't use STARTTLS (at least not as currently described),
>>> although it does claim that it can run on port 53.  That relies on an unaware
>>> server mis-interpreting a DTLS ClientHello message as a DNS message with
>>> Opcode=15.  That, in turn, takes Opcode 15 off the table for future
>>> allocation, etc.
>>>
>>>
>>> DW
>> 
>> More correctly DTLS traffic is DNS reply traffic (QR=1) which is
>> why there is no response from DNS servers.  The traffic is processed
>> as a broken unexpected reply.
>> 
>
>_______________________________________________
>dns-privacy mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/dns-privacy
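
The point Duane and Mark make above (that an unaware DNS server on port 53 would read a DTLS ClientHello as a DNS message with Opcode=15, and in fact with QR=1, so it treats it as a broken unexpected reply) can be checked by decoding the DTLS record header as if it were a DNS header. The script below is an added illustration written for this page, not code from the thread or from either draft. The DTLS record bytes are constructed from the RFC 6347 record layout (ContentType 22 = handshake, version 0xFEFD for DTLS 1.2 and 0xFEFF for DTLS 1.0); the fragment length and the "what would the server do" decision order are simplifying assumptions, not a description of any particular resolver implementation.

```python
"""
Added example (not from the thread): decode the leading bytes of a DTLS record
as a DNS header to see what an unaware DNS server on port 53 would observe.
"""
import struct

# Constructed DTLS 1.2 record header for a Handshake (ClientHello) fragment.
# RFC 6347 record layout: type(1) version(2) epoch(2) seq(6) length(2).
DTLS12_CLIENTHELLO_RECORD = (
    b"\x16"                         # ContentType = handshake (22)
    + b"\xfe\xfd"                   # ProtocolVersion = DTLS 1.2 (0xFEFD)
    + b"\x00\x00"                   # epoch 0
    + b"\x00\x00\x00\x00\x00\x00"   # 48-bit sequence number 0
    + b"\x00\x10"                   # fragment length (constructed value; body omitted)
)
# Same record with the DTLS 1.0 version field (0xFEFF).
DTLS10_CLIENTHELLO_RECORD = b"\x16\xfe\xff" + DTLS12_CLIENTHELLO_RECORD[3:]

# Constructed ordinary DNS query header: ID 0x1234, flags 0x0100 (RD set), QDCOUNT 1.
PLAIN_DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"

# Opcodes a server would normally be willing to process (RFC 1035, 1996, 2136).
KNOWN_OPCODES = {0, 1, 2, 4, 5}  # QUERY, IQUERY, STATUS, NOTIFY, UPDATE


def parse_dns_header(data: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(data) < 12:
        raise ValueError("short DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 0x1,      # 1 = response
        "opcode": (flags >> 11) & 0xF,  # 4-bit opcode
        "aa": (flags >> 10) & 0x1,
        "tc": (flags >> 9) & 0x1,
        "rd": (flags >> 8) & 0x1,
        "ra": (flags >> 7) & 0x1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify_as_dns_server(data: bytes) -> str:
    """
    Simplified model (an assumption, not any real resolver's code) of the first
    decisions a DNS server makes on an inbound datagram: responses are dropped
    before the opcode is ever looked at, which is Mark's point above.
    """
    hdr = parse_dns_header(data)
    if hdr["qr"] == 1:
        return "dropped: QR=1, unexpected reply (opcode %d)" % hdr["opcode"]
    if hdr["opcode"] not in KNOWN_OPCODES:
        return "refused: unknown opcode %d" % hdr["opcode"]
    return "query accepted"


if __name__ == "__main__":
    for name, pkt in (("DTLS 1.2 ClientHello", DTLS12_CLIENTHELLO_RECORD),
                      ("DTLS 1.0 ClientHello", DTLS10_CLIENTHELLO_RECORD),
                      ("plain DNS query", PLAIN_DNS_QUERY)):
        h = parse_dns_header(pkt)
        print("%-22s QR=%d Opcode=%d -> %s"
              % (name, h["qr"], h["opcode"], classify_as_dns_server(pkt)))
```

The version field is what produces the effect: 0xFE as the high byte of the DNS flags word sets QR and all four opcode bits, so both observations in the thread hold at once (QR=1 and Opcode=15), and the first one is the reason a port-53 server never replies. A dedicated port sidesteps this overloading entirely, which is the operational argument the WG made for 853 over STARTTLS or octet-matching.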
