On Thu, Oct 31, 2019 at 11:56 PM Vladimír Čunát <[email protected]> wrote:
> On 11/1/19 1:37 AM, Eric Rescorla wrote:
> > Hmm..... I think that's only true if you are assuming that the NS
> > record for the leaf is DNSSEC secured, but that doesn't seem like a
> > safe assumption.
>
> Generally speaking, I believe it's fine to add assumptions about DNSSEC
> validation, if that makes the ADoT protocol "better" in some way. (and
> I expect it will) It seems that DNSSEC will be much easier than this
> new stuff.
>

Easier for who? The advantage of transport security in this setting is
that the authoritative can just deploy it for all their users without any
interaction with the user.

> By the way, I'm personally not yet 100% convinced by TLS and might e.g.
> add QUIC into consideration
>

Well, DoQ seems like an interesting direction, but I'm not sure what you
mean by "not 100% convinced by TLS".

-Ekr
