On 11 Jun 2018, at 9:24, Russ Housley wrote:

Given the large number of responses to the thread about DNS-over-TLS
for recursive-to-authoritative, I would hope that this topic would
have a significant part of the meeting. The biggest open topic is
authentication of the server.

Should there be something in the server certificate that makes it
clear that the server is an authoritative DNS server? I do not think
that an arbitrary Web PKI certificate is sufficient. At a minimum, I
think there should be an extended key usage in the certificate.

This would be a good discussion to have on a thread about the draft, not
a thread about the agenda topics. :-)

--Paul Hoffman
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy