> On Sep 30, 2015, at 5:05 PM, Watson Ladd <[email protected]> wrote:
>
> On Wed, Sep 23, 2015 at 10:32 AM, Warren Kumari <[email protected]> wrote:
>> Hi all,
>>
>> Please review our documents:
>> https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/
>> https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/
>>
>> We would like to see a significant amount of review and discussion before
>> our meeting in Yokohama - if not it is hard to justify the meeting time.
>>
>> I put in the request for early port allocation few days back...
>
> Is "pinning" really the right term for recording which resolvers
> support DNS? When I've seen pinning used it has been in the context of
> certificates, with pinning involving remembering which certificate was
> used.
Watson,
I think that is a fair point and I've made the following change:
@@ -787,8 +787,8 @@
Clients and
servers MUST adhere to the TLS implementation recommendations
and security considerations of <xref target="RFC7525"/>.
- DNS clients keeping track of servers known to support TLS (i.e.,
- "pinning") enables clients to detect downgrade attacks.
+ DNS clients keeping track of servers known to support TLS
+ enables clients to detect downgrade attacks.
For servers with no connection history and no apparent
support for TLS, clients depending on their Privacy
Profile and privacy requirements may choose to (a) try another
server when
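Review bot: with the parenthetical "(i.e., "pinning")" dropped from the two changed lines, the sentence no longer names the mechanism and also never says what "detect" means in practice; the reader has to infer that the client compares the current connection against its stored record for that server. Consider spelling that out in the replacement text, e.g. "DNS clients keeping track of servers known to support TLS enables clients to detect downgrade attacks, since a server previously seen to offer TLS that no longer does can be treated as suspect." The unchanged lines that follow only cover the case of servers with no connection history, so the behaviour after a detected downgrade (refuse, retry another server, or fall back per the Privacy Profile) is left unspecified by this hunk.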
> We don't seem to have a good deal to say about authenticating DNS resolvers.
Yes, and we are acknowledging such as out of scope for this document.
DW
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy