Here's the text: 3. Any protocol interactions prior to the TLS handshake are performed in the clear and can be modified by a person-in-the- middle attacker. For this reason, clients MAY discard cached information about server capabilities advertised prior to the start of the TLS handshake.The authors debated about leaving this in or taking it out. The argument for leaving it is that a client might not use TLS immediately, for whatever reason. If it performs normal queries before using TLS then the client might want to discard anything it learned about servers. That might include RTT estimates, EDNS support, etc.
If the TLS stuff is on a separate port that only does TLS, what could possibly happen before the TLS handshake?
Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
