>>>>> "SD" == Sara Dickinson <[email protected]> writes:
>> On 18 May 2018, at 19:25, James Cloos <[email protected]> wrote:
>>>>>>> "BH" == Brian Haberman <[email protected]> writes:

JC>> The happy eyeballs reference looks to be the right thing to do.

SD> Section 3: I’d like to see a bit more discussion around this proposal:
SD> "A resolver working in opportunistic mode should try ports 53 and 853 in parallel."
SD> I see the obvious latency win here but the downside with this mode (as
SD> currently described) is that it _always_ leaks the query in cleartext
SD> so it seems to defeat the point of using TLS.

I read thru my reply again, and I think this was the only point I didn't
properly consider.

But testing shows that a short timeout is required to ensure that auths
which do not support 853 do not DoS resolvers which try it.

-JimC
-- 
James Cloos <[email protected]>         OpenPGP: 0x997A9F17ED7DAEA6

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
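
An added example, not part of the original message and not code from the draft under discussion: a sequential alternative to the parallel probe quoted above, in which the resolver tries port 853 under a short timeout and falls back to port 53 only when that fails, so the query is not sent in cleartext to servers that do answer on 853. `probe_dot`, `TransportChooser`, the 0.5 s timeout, the 300 s re-probe interval and the certificate check are assumptions chosen for illustration.

```python
import socket
import ssl
import time

def probe_dot(host, port=853, timeout=0.5):
    """True only if TCP connect plus TLS handshake finish within `timeout` seconds."""
    # Assumption: the server certificate is checked against the system trust store.
    ctx = ssl.create_default_context()
    deadline = time.monotonic() + timeout
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return False
            raw.settimeout(remaining)  # bounds the handshake, not just the connect
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # refused, timed out, TLS or certificate failure
        return False

class TransportChooser:
    """Hypothetical helper: pick a transport per authoritative server."""

    def __init__(self, timeout=0.5, retry_after=300.0):
        self.timeout = timeout
        self.retry_after = retry_after  # assumed re-probe interval
        self._failed = {}  # (host, port) -> monotonic time of the last failed probe

    def choose(self, host, port=853):
        key = (host, port)
        failed_at = self._failed.get(key)
        if failed_at is not None and time.monotonic() - failed_at < self.retry_after:
            return "cleartext-53"  # known non-853 server: skip the probe entirely
        if probe_dot(host, port, self.timeout):
            self._failed.pop(key, None)
            return "tls-853"
        self._failed[key] = time.monotonic()
        return "cleartext-53"
```

A server that accepts the TCP connection but never speaks TLS costs the resolver one timeout, after which the cached failure routes later queries straight to port 53 until the re-probe interval expires.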
