On 11/4/2019 7:12 AM, Eric Rescorla wrote:
> On Mon, Nov 4, 2019 at 6:26 AM Stephane Bortzmeyer <[email protected]> wrote:
>
> > On Sun, Nov 03, 2019 at 05:33:34PM -0500,
> > John Levine <[email protected]> wrote
> > a message of 14 lines which said:
> >
> > > I thought it might be useful to make a list of possible ways to signal
> > > that a server offers ADoT:
> >
> > I would like also a discussion on whether signaling is 1) good 2)
> > necessary.
> >
> > Even if you get a signal, the reality may be out-of-sync with the
> > signal, for instance because of a problem on the server side (remember
> > AAAAs published without checking IPv6 connectivity works) or on the
> > client side (port 853 blocked).
>
> I'm less worried about the latter because I would expect recursive
> resolvers to generally be operated by people who are able to establish
> their port 853 status.

Note that port 853 is a convention. Servers could trivially run multiple services over port 443, and demux based on the ALPN. I suppose that if we see a lot of blockage of port 853, servers will just do that -- run on port 443, demux based on ALPN="DoT"...

-- Christian Huitema
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
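
The ALPN demultiplexing described in the message above, as an added example that is not part of the original thread: one TLS listener advertises DNS-over-TLS alongside HTTP and routes each connection by the negotiated protocol. It assumes the IANA-registered lowercase identifier "dot" for DNS over TLS; the `demux` and `selfSigned` helpers, the backend labels, and the choice to treat a client with no ALPN extension as HTTP are all assumptions made for the sketch.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway certificate (constructed for this example).
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// demux handshakes in memory with a client offering `offered`, then picks a backend.
func demux(offered []string) (string, error) {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	srv := tls.Server(s, &tls.Config{
		Certificates:           []tls.Certificate{selfSigned()},
		NextProtos:             []string{"dot", "h2", "http/1.1"},
		SessionTicketsDisabled: true, // no post-handshake write on the unbuffered pipe
	})
	// InsecureSkipVerify only because the certificate above is a throwaway.
	cli := tls.Client(c, &tls.Config{NextProtos: offered, InsecureSkipVerify: true})
	go cli.Handshake()
	if err := srv.Handshake(); err != nil {
		return "", err // e.g. no overlap between offered and supported ALPN ids
	}
	if srv.ConnectionState().NegotiatedProtocol == "dot" {
		return "dns", nil
	}
	return "http", nil // h2, http/1.1, or no ALPN extension (assumed default)
}

func main() {
	for _, o := range [][]string{{"dot"}, {"h2", "http/1.1"}, nil, {"smtp"}} {
		backend, err := demux(o)
		fmt.Printf("%v -> %q (err: %v)\n", o, backend, err)
	}
}
```

Because the ALPN list travels in the ClientHello in cleartext, an on-path observer can still tell a "dot" connection on port 443 from HTTPS unless the ClientHello itself is encrypted.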
