On Tue, Jul 19, 2016 at 11:18 AM, Stephane Bortzmeyer <[email protected]> wrote:
> On Tue, Jul 19, 2016 at 11:11:18AM -0400,
>  Bob Harold <[email protected]> wrote
>  a message of 130 lines which said:
>
> > I would think that "Key in DNS, authenticated by DNSSEC" would be
> > the obvious choice.
>
> It is mentioned, section 2.2.
>
> For the -00 version, I did not try to order ("obvious" or "best") the
> choices. Feedback welcomed.
>

I was confused by the "bootstrap" issue, or why talk to port 953. I was
assuming normal unencrypted DNSSEC to get the key, and then encrypt the
query that I wanted to protect. I can see why some would want to try to
make private getting the key, if possible, but it really complicates
things, so I am not sure it is worth it. (Just my opinion, of course.)

--
Bob Harold
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
