Hello Christian,

On Sat, 2020-05-30 at 23:00 -0700, Christian Huitema wrote:
> I am wondering how using the signalling that you propose affects
> experimentation with DoQ? I assume that with your proposal, we could
> either have several DS records with different "algorithm" values, or a
> single record with a flag somewhere stating that both TCP/DoT and
> UDP/DoQ are supported. Have you thought about that?

We have definitely thought about that! The way this signaling protocol
is structured means that we cannot see DNSKEY flags until we have
established some encrypted connection (in our case, DoT). So flags are
out.

I think it would be simplest to allocate one 'algorithm' number per
protocol. This would also allow protocols other than DoT to perhaps use
the various DNSKEY/DS fields for different semantics.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy