> On 9 Dec 2016, at 01:18, Christian Huitema <[email protected]> wrote:
> 
> On Thursday, December 8, 2016 1:52 AM, Sara Dickinson wrote:
>> 
>> Just to follow up on Tim’s mail. Any reviews of 
>> https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ 
>> would be much appreciated to try to wind up the WGLC asap. 

Hi Christian, 

> 
> I just reviewed this draft. I think it is ready, and I would be happy if it 
> was published as is. 

Many thanks for the review. 

> 
> My only wish is for a bit more description of the interaction between policy 
> and configuration. The selection of the strict or opportunistic profile is 
> only one element in the configuration of the DNS client for privacy, the 
> other element being obviously the choice of the DNS server. The strict mode, 
> in particular, ought to depend on configuring a set of servers that the 
> client will accept to trust -- but even the opportunistic mode depends on 
> that to a degree. This is quite different from the current practice, in which 
> DNS servers are configured by untrusted processes. It would be nice if we had 
> a blow-by-blow example of how that's supposed to work. 


IIRC this was discussed a bit in Buenos Aires… and I believe the consensus was 
to have an example such as that in section 7.2.2 for Strict but to leave any 
other policy discussion out of this document, hence the following sentence was 
added to Section 4:

"A description of the variety of usage policies is out of scope of this 
document, but may be the subject of future work."

It seems there is some appetite for a follow-up document on operational 
practices so perhaps that is where this policy discussion should be?

Sara. 



