On Mon, Dec 16, 2019, at 13:40, Tom Pusateri wrote:
>
>
> > On Dec 15, 2019, at 7:35 PM, Martin Thomson <[email protected]> wrote:
> >
> >> So, let's back up a step: are people interested in using DHCP and RA as
> >> part of the discovery story here or not?
> >
> > I am.
> >
> > I tend to think that
> > https://thpts.github.io/draft-peterson-dot-dhcp/draft-peterson-dot-dhcp.html
> > is a reasonable start here. Sure, it makes some assumptions, and leaves
> > some of the harder 8310-style questions unanswered, but that's where I
> > think we should be paying more attention anyway.
>
> This is at least the fourth list that DoT discovery over DHCP has been
> discussed (see DoH, DNSOP, and DRIU).
>
> In the previous three times, it was rejected as not a trustworthy source.
[...]
> https://www.youtube.com/watch?v=cfEX8zuoRAA

I refreshed my memory here and my interpretation of Ted's presentation is perhaps different than what you took away. I could make one of two inferences:

1. Don't allow the network to configure DNS. You can't trust it.

2. Be clearer about the trust model when you allow the network to provide this information.

There was a bunch of other noise about the shortcomings of DHCP, but this was the central point.

The first might be read as a firm argument for certain DoH deployment arrangements. Arrangements that have proven to be highly controversial.

Your own introduction to the next presentation acknowledges the shortcoming and even identified a trust model or two that might fit within the remit of the second option.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
