> On 27 Nov 2019, at 14:28, Stephane Bortzmeyer <[email protected]> wrote:
>
> If you use DoH/DoT, it is because you don't trust the access network.

It says nothing about whether you trust the access network. You *may* be using DoH/DoT because you don’t trust the access network. However, you may trust the access network for example, but the resolver it gives you may be located somewhere else entirely and your queries may be transiting over an untrusted network.

> Relying on it to
> indicate a DoH/DoT resolver is pointless.

You’re conflating the lack of trust in the access network with discovery. Yes, if you don’t trust the access network then you may not want to use a discovery protocol to indicate the best way to contact the resolver over DoT/DoH. However what if you have configured a resolver manually using an IP address, and want to opportunistically upgrade to DoT/DoH if the resolver supports it?

Neil

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
