Hi all,

After the discussions that took place at the dprive meeting in Prague I felt that we're losing the point of DNS - it being a very lightweight protocol. I know that DTLS and TLS are great and proven protocols, but they were meant to protect streams and communications a few orders of magnitude larger, where a few additional ping-pongs and a few hundred bytes of overhead are negligible. In DNS a few hundred bytes is an order of magnitude, and a few additional ping-pongs are a nightmare for someone with RT times of 300ms (not everyone lives in the US, you know :>). I also felt that there is pressure to migrate to TCP completely - which I believe is throwing the baby out with the bathwater.

That's why I've come up with something completely different. I started writing this draft in Prague in July, but from a completely wrong side - describing wire formats etc. instead of general ideas. So for now I've erased everything that's on the technical side and left only the very outline of the protocol. So, without further ado, here https://www.ietf.org/id/draft-krecicki-dnsenc-00.txt is the early, buggy, almost non-technical, and full-of-typos version of the Stateless DNS Encryption (DNSENC) draft, for your consideration.

Witold Krecicki
ISC
