Re: [dns-privacy] New Version Notification for draft-bretelle-dprive-dot-spki-in-ns-name-00.txt

A. Schulze Tue, 12 Mar 2019 00:15:18 -0700


manu tman:

What I meant is roughly around the line of
https://tools.ietf.org/html/draft-bortzmeyer-dprive-resolver-to-auth-01#section-2
. e.g if you operate a resolver in strict mode, and DoT fails (connection
to port 853, fail to validate SPKI) while the name of the name server
indicates that DoT is supported. The resolver should fail.
In opportunistic mode, the resolver will fallback onto port 53. The
operator of the resolver will be setting the mode of operation.


Hello,

Ah, that makes sense, my reading was to allow the resolver to use 853in oportunistic mode even when SPKI validation fail. I've to rereadthe text...


Andreas



_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy

Re: [dns-privacy] New Version Notification for draft-bretelle-dprive-dot-spki-in-ns-name-00.txt

Reply via email to