On Oct 2, 2018, at 3:12 AM, Tony Finch <[email protected]> wrote:
> 
> Paul Hoffman <[email protected]> wrote:
>> 
>> I do not have a scenario where the client (the resolver in this case)
>> needs downgrade protection for privacy.
> 
> In that case there's no need to worry about authentication at all.
> (But I disagree.)

And I disagree that there is "no need to worry". As I said in my initial 
message, a resolver operator might want to take advantage of it if it is 
available.

> More generally, I don't think the term "opportunistic" is very helpful,

...but it is the hard-fought agreement of the IETF. See RFC 7435. The abstract 
is quite simple:

   This document defines the concept "Opportunistic Security" in the
   context of communications protocols.  Protocol designs based on
   Opportunistic Security use encryption even when authentication is not
   available, and use authentication when possible, thereby removing
   barriers to the widespread use of encryption on the Internet.

--Paul Hoffman

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy