On Mon, Nov 4, 2019 at 12:58 PM Christian Huitema <[email protected]> wrote:
>
>
> On 11/4/2019 7:12 AM, Eric Rescorla wrote:
>
>
>
> On Mon, Nov 4, 2019 at 6:26 AM Stephane Bortzmeyer <[email protected]> wrote:
>>
>> On Sun, Nov 03, 2019 at 05:33:34PM -0500,
>> John Levine <[email protected]> wrote
>> a message of 14 lines which said:
>>
>> > I thought it might be useful to make a list of possible ways to signal
>> > that a server offers ADoT:
>>
>> I would like also a discussion on whether signaling is 1) good 2)
>> necessary.
>>
>> Even if you get a signal, the reality may be out-of-sync with the
>> signal, for instance because of a problem on the server side (remember
>> AAAAs published without checking IPv6 connectivity works) or on the
>> client side (port 853 blocked).
>
>
> I'm less worried about the latter because I would expect recursive resolvers
> to generally be operated by people who are able to establish their port 853
> status.
>
>
> Note that port 853 is a convention.

Yes -- and that was a conscious choice by the WG; a number of people always
figured that there would be DoT servers running on 443, but that wasn't
something that could be recommended in the document...

W

> Servers could trivially run multiple services over port 443, and demux based
> on the ALPN. I suppose that if we see a lot of blockage of port 853, servers
> will just do that -- run on port 443, demux based on ALPN="DoT"...
>
> -- Christian Huitema
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy

--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
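
The port-443 demultiplexing mentioned in the thread, as an added example that is not part of the original messages or of any participant's code: a front end reads the ALPN list from the raw TLS ClientHello and picks a backend before TLS is terminated. Assumptions: the lowercase `dot` token is used as the ALPN ID for DNS over TLS (the message writes it as "DoT"), the preference order and the HTTPS fallback are hypothetical, and `build_client_hello` produces a constructed sample, not a capture.

```python
import struct

ALPN_EXT = 16                             # ALPN extension type (RFC 7301)
PREFERENCE = ("dot", "h2", "http/1.1")    # assumed server preference order

def client_hello_alpn(rec: bytes) -> list:
    """Return the ALPN names offered in a raw TLS ClientHello record."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:
            raise ValueError("not a ClientHello")
        pos = 5 + 4 + 2 + 32              # record hdr, handshake hdr, version, random
        pos += 1 + rec[pos]               # session_id
        pos += 2 + struct.unpack_from("!H", rec, pos)[0]    # cipher_suites
        pos += 1 + rec[pos]               # compression_methods
        if pos == len(rec):
            return []                     # no extensions block at all
        end = pos + 2 + struct.unpack_from("!H", rec, pos)[0]
        pos += 2
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", rec, pos)
            pos += 4
            if ext_type == ALPN_EXT:
                names, p = [], pos + 2    # skip protocol_name_list length
                while p < pos + ext_len:
                    names.append(rec[p + 1:p + 1 + rec[p]].decode("ascii"))
                    p += 1 + rec[p]
                return names
            pos += ext_len                # skip extensions we do not care about
        return []
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def route(rec: bytes) -> str:
    """Pick a backend by ALPN; clients offering none fall back to HTTPS (assumption)."""
    offered = client_hello_alpn(rec)
    return next((p for p in PREFERENCE if p in offered), "http/1.1")

def build_client_hello(protos) -> bytes:
    """Constructed sample ClientHello (not a capture) offering `protos`."""
    exts = struct.pack("!HH", 43, 3) + b"\x02\x03\x04"      # supported_versions
    if protos:
        plist = b"".join(bytes([len(p)]) + p.encode() for p in protos)
        exts += struct.pack("!HHH", ALPN_EXT, len(plist) + 2, len(plist)) + plist
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Because the ALPN list travels in the cleartext ClientHello, the same parse that lets a server demultiplex also lets an on-path filter tell DoT from HTTPS on port 443.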
