On Nov 30, 2018, at 9:33 AM, Paul Wouters <[email protected]> wrote:
>
> On Fri, 30 Nov 2018, Hollenbeck, Scott wrote:
>
>>> times have changed, and it deserves another look, but some note that says
>>> "If running out of resources, drop the encryption and serve DNS data in
>>> the clear might be needed". Ideally in a way that querying clients that
>>> want to insist on privacy can bail out instead of receiving cleartext.
>>
>> Possibly, but it may also be worth discussing how to avoid getting into
>> resource exhaustion situations in the first place. Do you have any thoughts
>> on Karl's "need for a profile of encryption standards" comment?
>
> I am not sure I see a need for a different TLS/DTLS profile compared to
> regular (web) based (D)TLS connections. What do you or Karl think would
> be different?

(D)TLS is not the only option. Using message security instead of connection security would eliminate the need for keeping TCP and crypto state on the server, and could maybe reduce the amount of CPU usage as well.

--Paul Hoffman
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
