On Tue, 19 May 2020, Peter van Dijk wrote:

> please find below all details about our proposal for enabling DoT from resolver to authoritative.

Thanks, interesting approach.

Some thoughts...

"If the DoT connection is unsuccessful or the public key
   supplied the server does not match one of the DS digests, the
   resolver MUST NOT fall back to unencrypted Do53."

Can we somehow make this behavior configurable by means of a flag (or something) by the domain holder? To say if fallback is ok or not?

Also, when I want to roll keys, can I specify multiple keys during this key roll period?

--
Mikael Abrahamsson    email: [email protected]

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy