On Tue 2017-11-14 12:04:19 +0100, Sara Dickinson wrote:
> This draft is now ready to progress once a -12 version is available. I
> just want to circle back round to summarise the fact that the only
> proposed difference that will be in the -12 version compared to -11 is
> the following (in section 7.2. Direct configuration of ADN only):
>
> Current text:
>
> “It can then use Opportunistic DNS connections to an untrusted recursive
> DNS resolver to establish the IP address of the intended privacy-
> enabling DNS resolver by doing a lookup of A/AAAA records. Such
> records SHOULD be DNSSEC validated when using a Strict Usage profile
> and MUST be validated when using Opportunistic Privacy."
>
> New text:
> “It can then use Opportunistic DNS connections to an untrusted recursive
> DNS resolver to establish the IP address of the intended privacy-
> enabling DNS resolver by doing a lookup of A/AAAA records. A
> DNSSEC validating client SHOULD apply the same validation policy
> to the A/AAAA meta-query lookups as it does to other queries.
> A client that does not validate DNSSEC SHOULD apply the same policy (if any)
> to the A/AAAA meta-query lookups as it does to other queries."
>
> I hope I captured the consensus correctly? Please let me know as I
> intend to put out the -12 (final) version next Monday (20th).
The text looks good to me. thanks for taking care of this, Sara.
--dkg
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
