> Given the large number of responses to the thread about DNS-over-TLS for > recursive-to-authoritative, I would hope that this topic would have a > significant part of the meeting. The biggest open topic is authentication of > the server.
Should there be something in the server certificate that makes it clear that the server is an authoritative DNS server? I do not think that an arbitrary Web PKI certificate is sufficient. At a minimum, I think there should be an extended key usage in the certificate. Russ _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
