Begin forwarded message:

> From: Ted Hardie <[email protected]>
> Subject: Re: [dns-privacy] review of draft-ietf-dprive-dnsodtls-01
> Date: 5 October 2015 18:48:40 GMT-4
> To: Sara Dickinson <[email protected]>
> Cc: "[email protected]" <[email protected]>
>
> First, I think the chances are pretty good that DNS over TLS or DTLS will
> be deployed side by side with existing DNS for at least some time, so I'm not sure that
> focusing entirely on avoiding fall back here is a critical point.
Hi Ted,

Well my review was from a standpoint of assessing this draft as a solution to the problem statement of providing DNS privacy. Using existing standards (DTLS 1.2 and DNS), message truncation is a specific, common case where standalone dnsodtls cannot provide privacy for DNS. So I think it is a significant limitation from a protocol, implementation and deployment point of view.

I’m not saying this issue can’t or won’t be solved. Just that if the solution requires one of:

- deploying DTLS only when TLS is also available
- a non-standard DTLS implementation
- extensions to either the DTLS or DNS protocol (which are not yet detailed in the draft)

then that requirement should be very clear in a standards track document.

Sara.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
