Hiya, On 02/01/18 11:36, Stephane Bortzmeyer wrote: > New Year Resolution for 2018: securing (privacy-wise) the > communication from the resolver to the authoritative name server. > > draft-bortzmeyer-dprive-step-2 was not a big success probably because > it was too open, mentinong too many possibilities. Here, I propose > just one method. Comments and criticisms welcome. >
Thanks for writing that. I think I'd argue to postpone definition of the strict mode entirely, as I can't see anything like that being used for a long time yet, which means there'd be plenty of time to see if DANE and/or some specific flavour of TLS1.3 is the right thing to use. Other than that, I like it and would love to see the WG refer to this as part of a re-chartering effort. S. > > > _______________________________________________ > dns-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dns-privacy > -- PGP key change time for me. New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018. NewWithOld sigs in keyservers. Sorry if that mucks something up;-)
0x7B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
