On Fri, Oct 23, 2015 at 02:35:29PM +0200, Simon Josefsson wrote:
> Warren Kumari <[email protected]> writes:
>
> > Dear DPRIVE WG,
> >
> > The authors of draft-ietf-dprive-dns-over-tls-01 have indicated that
> > they believe that the document is ready, and have asked for Working
> > Group Last Call.
>
> Hi. I believe the document is in relatively good shape. I have one
> high level concern, and one concern with the document itself that is
> related to the higher-level concern:
>
> 1) I believe it would be a mistake to publish this without synchronizing
> the TLS-related aspects of DNS-over-TLS and DNS-over-DTLS. The
> documents solve roughly the same problem, with roughly the same
> technology.
>
> If merging DNS-over-TLS and DNS-over-DTLS is not an option, another
> possibility is that TLS-related aspects are deferred from both documents
> to another third new document that describes how to perform TLS
> credential verification for DNS-over-(D)TLS in a generalized way.

Agreed. Furthermore, I think that the (D)TLS profiling aspects should
be merged too (TLS and DTLS are virtually[1] the same here).

[1] IIRC, pretty much the only difference is RC4: Doesn't work at all
in DTLS, forbidden in TLS.

-Ilari
