神明達哉 <[email protected]> writes:

> At Fri, 23 Oct 2015 14:31:15 +0000,
> Paul Hoffman <[email protected]> wrote:
>
>> > 1) I believe it would be a mistake to publish this without synchronizing
>> > the TLS-related aspects of DNS-over-TLS and DNS-over-DTLS.
> [...]
>> > 2) On TLS verification, this document should reference RFC 6125 and
>> > describe how naming information should be compared with the locally
>> > known data with what is being presented by the server.
> [...]
>> > If merging DNS-over-TLS and DNS-over-DTLS is not an option, another
>> > possibility is that the TLS-related aspects are deferred from both documents
>> > to another, third new document that describes how to perform TLS
>> > credential verification for DNS-over-(D)TLS in a generalized way. Then
>> > there would be harmony in the TLS-related aspects, and the respective
>> > documents can focus on the DNS-related aspects. If document editor
>> > cycles are the limiting factor, I would volunteer to help write this.
>>
>> Fully agree on all counts. If the WG wants to move both -TLS and -DTLS to
>> the IETF, it makes no sense at all to have them have different crypto
>> properties. I don't care if the answer is "harmonize each before
>> finishing" or "harmonize them by reference to a third document".
>
> I have a preliminary question about the 'If'. I don't remember
> exactly how the DNS/DTLS draft became a wg document, but IIRC when we
> adopted DNS/TLS from several candidates the decision was to focus on
> this particular solution while allowing flexibility to discuss
> other ideas at a lower priority, so we can at least publish one
> concrete solution document as soon as possible. I have no problem with
> discussing DNS/DTLS itself, but if my understanding about the wg focus
> is correct, I don't think it is a good idea to delay publishing DNS/TLS
> because of its implications for DNS/DTLS. In that sense merging these
> two drafts doesn't seem to be a good idea to me. Extracting and
> deferring some parts of DNS/TLS may be acceptable if the resulting
> DNS/TLS draft is still a self-contained document to be published.
Both DNS/TLS and DNS/DTLS were adopted by the WG; check the mailing list archives. In that light, I believe it makes sense for them to be aligned with each other.

/Simon
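The RFC 6125 name-comparison step that the quoted review comment asks the draft to spell out, as an added Python example that is not part of this thread or of either draft: it compares the DNS-ID names presented in a server certificate's subjectAltName against a reference identifier the client has configured locally (for instance the name of the resolver it expects to reach), applying the wildcard restrictions of RFC 6125 section 6.4.3. The function names and the sample inputs are assumptions made for this example.

```python
# Added example (not from the thread or the drafts): RFC 6125-style comparison
# of presented DNS-ID identifiers against a locally configured reference name.


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.rstrip(".").lower().split(".")


def dns_id_matches(presented: str, reference: str) -> bool:
    """Return True if a single presented DNS-ID (from a certificate SAN) matches
    the reference identifier the client configured locally.

    Rules applied (RFC 6125 sections 6.4.1 and 6.4.3):
      - comparison is case-insensitive, label by label;
      - a wildcard is accepted only as the entire left-most label;
      - a wildcard matches exactly one label, never several;
      - a wildcard is refused in an internationalized (xn--) label and in
        names with fewer than three labels, so "*.net" never matches.
    """
    p = _labels(presented)
    r = _labels(reference)
    if len(p) != len(r):
        return False
    if "*" not in presented:
        return p == r
    # Wildcard handling: only "*" as the whole first label is acceptable.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    if len(p) < 3 or r[0].startswith("xn--"):
        return False
    return p[1:] == r[1:]


def verify_server_identity(presented_dns_ids: list[str], reference: str) -> bool:
    """True if any DNS-ID in the certificate matches the configured reference name.

    The reference identifier must come from local configuration, never from an
    answer obtained over the connection being verified.
    """
    return any(dns_id_matches(p, reference) for p in presented_dns_ids)


if __name__ == "__main__":
    # Constructed sample: SAN entries of a hypothetical resolver certificate.
    san = ["mail.example.net", "*.example.net"]
    print(verify_server_identity(san, "dns.example.net"))    # True
    print(verify_server_identity(san, "a.dns.example.net"))  # False
```

Writing these rules down once is exactly what the thread asks for: both the TLS and the DTLS draft need the same answer to "which name does the client compare, and how", and a client that only knows its resolver by IP address has no DNS-ID reference identifier at all, which is why the verification procedure belongs in the specification rather than being left to each implementation.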
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
