> On Oct 9, 2015, at 3:44 PM, John R Levine <[email protected]> wrote:
>
>> Here's the text:
>>
>> 3. Any protocol interactions prior to the TLS handshake are
>> performed in the clear and can be modified by a person-in-the-middle
>> attacker. For this reason, clients MAY discard cached
>> information about server capabilities advertised prior to the
>> start of the TLS handshake.
>>
>> The authors debated about leaving this in or taking it out.
>>
>> The argument for leaving it is that a client might not use TLS
>> immediately, for whatever reason. If it performs normal queries
>> before using TLS then the client might want to discard anything it
>> learned about servers. That might include RTT estimates, EDNS support, etc.
>
> If the TLS stuff is on a separate port that only does TLS, what could
> possibly happen before the TLS handshake?

I'm suggesting that a query/response on port 53 might happen prior to TLS.

DW

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
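The draft text quoted above says a client MAY discard capability information learned before the TLS handshake, and the reply points out the concrete case: a cleartext exchange on port 53 that precedes the move to TLS. The following is an added illustration of one way a resolver-side cache could honour that MAY; it is not code from the draft, from any DNS implementation, or from anyone on this thread. The class and method names (`ServerCapabilityCache`, `on_tls_handshake_complete`), the `Transport` labels, the capability keys (`rtt_ms`, `edns_supported`) and the server address `192.0.2.53` (a documentation-range address) are all assumptions made for the example. The idea is simply to tag every cached fact with the transport it was learned over, so that facts an on-path attacker could have influenced on port 53 can be dropped once an integrity-protected channel exists, while facts learned over TLS survive.

```python
"""Constructed example: a per-server capability cache that remembers how each
fact was learned, so cleartext-derived facts can be discarded once TLS is up."""
from dataclasses import dataclass
from enum import Enum
from typing import Any, Dict, List, Optional, Tuple


class Transport(Enum):
    # Classic DNS on port 53: plaintext, modifiable by an on-path attacker.
    CLEARTEXT_53 = "cleartext/53"
    # DNS over TLS on port 853: integrity-protected once the handshake completes.
    TLS_853 = "tls/853"


@dataclass
class Capability:
    value: Any
    learned_over: Transport  # provenance of this fact


class ServerCapabilityCache:
    """Cache of learned server properties (RTT estimate, EDNS support, ...),
    keyed by (server, property) and tagged with the transport used to learn it.
    Hypothetical class for this example."""

    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, str], Capability] = {}

    def record(self, server: str, key: str, value: Any, transport: Transport) -> None:
        self._entries[(server, key)] = Capability(value, transport)

    def get(self, server: str, key: str) -> Optional[Any]:
        cap = self._entries.get((server, key))
        return None if cap is None else cap.value

    def provenance(self, server: str, key: str) -> Optional[Transport]:
        cap = self._entries.get((server, key))
        return None if cap is None else cap.learned_over

    def on_tls_handshake_complete(self, server: str) -> List[str]:
        """Apply the draft's MAY: drop every fact about `server` that was
        learned in the clear. Returns the discarded keys for logging."""
        stale = sorted(
            key
            for (srv, key), cap in self._entries.items()
            if srv == server and cap.learned_over is Transport.CLEARTEXT_53
        )
        for key in stale:
            del self._entries[(server, key)]
        return stale


def demo() -> Dict[str, Any]:
    """Walk through the scenario raised on the thread (constructed data)."""
    cache = ServerCapabilityCache()
    server = "192.0.2.53"  # documentation-range address, constructed

    # 1. Client first talks to the server on port 53 and learns things about it.
    cache.record(server, "rtt_ms", 12, Transport.CLEARTEXT_53)
    cache.record(server, "edns_supported", True, Transport.CLEARTEXT_53)

    # 2. Client later opens port 853; when the handshake completes, the
    #    cleartext-derived facts are purged because they may have been tampered with.
    dropped = cache.on_tls_handshake_complete(server)

    # 3. Facts relearned over TLS are kept by a later purge.
    cache.record(server, "edns_supported", True, Transport.TLS_853)
    cache.record(server, "rtt_ms", 18, Transport.TLS_853)
    dropped_again = cache.on_tls_handshake_complete(server)

    return {
        "dropped": dropped,
        "dropped_again": dropped_again,
        "rtt_after": cache.get(server, "rtt_ms"),
        "edns_after": cache.get(server, "edns_supported"),
        "rtt_provenance": cache.provenance(server, "rtt_ms"),
    }


if __name__ == "__main__":
    print(demo())
```

Tagging provenance rather than wiping the whole cache is what lets the client keep the RTT and EDNS observations it made over the protected channel while still honouring the draft's point that anything learned on port 53 before the handshake is untrustworthy.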
