On 10/16/19 2:59 AM, Patrick McManus wrote:
> 1b] As this is a BCP, I question whether this is really advice driven
> by BCP. How often is this done, and when it is done how much traffic
> is driven through it so that we really understand the implications of
> it? This feels more like an idea than a BCP backed up by wide
> experience... and there is reason to think it might fall down at scale
> if really adopted as a best practice.

I think we're in a chicken-egg situation (partially) where some kinds of "DNS resolver operators" (e.g. ISPs) have only rarely deployed much of this stuff, especially transport encryption, and they might like to get inspired by at least some IETF-blessed advice, even if it won't be perfect yet. Example:
https://github.com/Encrypted-DNS-Deployment-Initiative/Workstreams/issues/3

> [...] the deployment is evolving and I hope that as ISPs and
> Enterprises deploy they will feed back into the -bis.

I also hope for that. Having touched this initiative I linked above - it seems mostly driven by ISPs who are trying to figure out operational BCP for DNS encryption.

--Vladimir
