> On Dec 12, 2019, at 11:18 PM, John Levine <[email protected]> wrote:
>
> In article <[email protected]> you write:
>> - It will cause confusion because there will be two ways to do DoT, so a
>> client might have to test each way
>> in order to know if the resolver supports DoT.
>
> I have no objection to reserving an ALPN ID for DoT for use by private
> agreement,

That is precisely what I am proposing.

> but I'd be pretty unhappy if it became a de-facto
> alternative to port 853.

If a small RFC is published, as others have discussed, I would support a statement to the fact that ALPN-capable resolvers SHOULD NOT (MUST NOT?) require the ALPN identifier when accepting DoT connections on 853. Ports other than 853 don't impact opportunistic DoT, since you have to have prior mutual agreement of the alternative port.

>
> We really need to figure out how to do DoWhatever discovery,
> preferably better than probe ports on the same IP as the port 53
> server.

Agreed.

-Jon
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
