I think it's in pretty good shape but of course I have a few questions. In 3.3, it says to match queries and responses "using the ID field and port number". I get the ID field, but the port number? In a TCP session? This language appears to be copied from 5966bis, where it seems to have been copied by mistake from something that was talking about UDP. It's not in RFC 5966.
In the opportunistic privacy profiles in 4.1, why wouldn't you want to use opportunistic TLS when talking to an authoritative server the same as you would talking to a cache? The example suggests it only applies to caches.

In the security considerations, item 3 appears to be left over from the STARTTLS version. If the handshake happens at the beginning, how could there be protocol interactions prior to the handshake?

R's,
John