On Sat, Nov 2, 2019 at 4:47 PM John Levine <[email protected]> wrote:

> In article <CABcZeBOBFFi=[email protected]> you write:
> >Conversely, what made opportunistic style approaches viable for
> >SMTP was that there was an existing protocol handshake that
> >could be conveniently adopted to have upward negotiation (STARTTLS). ...
>
> >In this case, I think the relevant question is whether there is some
> >viable mechanism (by which I mean one that people might actually
> >use) by which recursive resolvers would, in talking to an authoritative
> >resolver, detect that that resolver supported secure transport and
> >upgrade.
>
> It's easy enough to imagine an EDNS option that asks whether a server
> supports ADoT, that the client can use as a signal to try again on
> port 853.

Sure. One reason you might be sad about this is that it has an extra round trip.

> PS: there's always dnscurve

Sure. Dnscurve is a variant of the "have a secure reference" approach.

-Ekr
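To make the trade-off in the exchange above concrete, here is an added sketch (not code from the thread or from any IETF draft) of the EDNS-option signalling John describes and the resolver-side decision it drives. The option code 65001 is an assumption taken from the private-use range, not an allocated code; the round-trip count counts query exchanges only and ignores the TLS handshake itself.

```python
"""Wire-format sketch of a hypothetical 'ADoT supported' EDNS(0) option and
the resolver's upgrade decision. The option code is a placeholder."""
import struct

ADOT_OPTION_CODE = 65001  # assumption: private-use code, not IANA-assigned
DOT_PORT = 853            # DNS over TLS port from the thread

def build_opt_rr(options, udp_size=1232):
    """Encode an EDNS(0) OPT pseudo-RR (RFC 6891 layout): root name, type 41,
    class = requester UDP payload size, TTL = ext-rcode/version/flags (all 0)."""
    rdata = b"".join(struct.pack("!HH", code, len(data)) + data
                     for code, data in options)
    return b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, len(rdata)) + rdata

def parse_opt_options(rr):
    """Return {option_code: data} from an OPT RR in the layout above."""
    if rr[0] != 0:
        raise ValueError("OPT RR must carry the root name")
    rtype, _udp_size, _ttl, rdlen = struct.unpack("!HHIH", rr[1:11])
    if rtype != 41:
        raise ValueError("not an OPT RR")
    rdata, opts, i = rr[11:11 + rdlen], {}, 0
    while i < len(rdata):
        code, olen = struct.unpack("!HH", rdata[i:i + 4])
        opts[code] = rdata[i + 4:i + 4 + olen]
        i += 4 + olen
    return opts

def server_opt_rr(supports_adot):
    """The OPT RR an authoritative server would attach to its Do53 answer;
    presence of the option is the 'I speak ADoT' signal."""
    opts = [(ADOT_OPTION_CODE, b"")] if supports_adot else []
    return build_opt_rr(opts)

def plan_queries(server_reply_opt):
    """Resolver side: the cleartext probe always costs one exchange; a
    positive signal adds a second exchange on port 853 (the extra round trip
    Ekr objects to). Returns (list of (transport, port), exchange count)."""
    exchanges = [("udp", 53)]
    if ADOT_OPTION_CODE in parse_opt_options(server_reply_opt):
        exchanges.append(("tls", DOT_PORT))
    return exchanges, len(exchanges)
```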
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
