On 13.09.18 at 14:14, Willem Toorop wrote:
> An alternative for TLSA glue could be a label in the NS name indicating
> DoT support perhaps? It's not pretty, but at least it would work right now.

Hello,

yes, a special authoritative server name was also the mechanism DJB chose to publish a curvedns server public key (https://en.wikipedia.org/wiki/DNSCurve),
so why not name an authoritative server "dot{foo}.example"?

A resolver may expect by definition that this authoritative server
- is reachable on port 853/tcp
- presents a certificate
- proves the certificate's content by a TLSA record served inline via tls-dnssec-chain as well as via 'normal' DNS
- serves zone data

-> capability signaling by name

That way it's not a requirement for a delegation zone to serve any additional data.

Andreas
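The name-based signalling proposed in this message, sketched as resolver-side logic. This is an added example, not code from the thread or from any resolver. It assumes "dot{foo}" means the leftmost label starts with "dot", that DoT-signalling servers are tried first, and the function names and sample NS set are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DOT_PORT = 853          # DNS-over-TLS port named in the message
SIGNAL_PREFIX = "dot"   # assumed reading of "dot{foo}": first label starts with "dot"

# Constructed sample delegation NS set (not taken from any real zone).
SAMPLE_NS = ["ns1.example.", "DOT-ns2.Example.", "dotty.example.net."]


@dataclass(frozen=True)
class Plan:
    ns: str                    # normalized server name
    port: int                  # 853 if the name signals DoT, else 53
    tls: bool
    tlsa_owner: Optional[str]  # owner name of the TLSA record to validate against


def normalize(name: str) -> str:
    """Lower-case and drop the root dot; DNS names compare case-insensitively."""
    return name.strip().rstrip(".").lower()


def signals_dot(ns_name: str) -> bool:
    """True if the leftmost label of the NS name carries the signal prefix."""
    first_label = normalize(ns_name).split(".", 1)[0]
    # Caveat: any pre-existing name such as "dotty" also matches, so a
    # name-based signal needs a prefix that no deployed server already uses.
    return first_label.startswith(SIGNAL_PREFIX)


def plan_for(ns_name: str) -> Plan:
    ns = normalize(ns_name)
    if signals_dot(ns):
        # TLSA owner names use the _port._proto.host form (RFC 6698).
        return Plan(ns, DOT_PORT, True, f"_{DOT_PORT}._tcp.{ns}.")
    return Plan(ns, 53, False, None)


def plan_delegation(ns_names):
    """Order a delegation's NS set so DoT-signalling servers come first."""
    plans = [plan_for(n) for n in ns_names]
    return sorted(plans, key=lambda p: not p.tls)  # stable sort keeps NS order


if __name__ == "__main__":
    for plan in plan_delegation(SAMPLE_NS):
        print(plan)
```
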
