On Sep 11, 2020, at 5:03 PM, Paul Wouters <[email protected]> wrote:
> 
> And as I've told you before, your use case of "opportunistic encryption"
> makes no sense here.

And many people disagreed with you.

> The DNS allows for publication of public keys without
> any further infrastructure. You need your TLS certificate for encryption
> anyway. Why not just stuff that public key into DNS via a TLSA record?

Primarily because that is only of value to resolvers that are validating, and 
that's the small minority of resolvers.

Secondarily because "just stuff" leads to errors that will lead to resolvers 
failing to get answers.

> This is not rocket science. We already do TLSA for email at large scale
> now.

You somehow missed the word "opportunistic" in that sentence.

> Opportunistic encryption to authoritative servers is just too silly.

Many people disagree.

> I am strongly opposed to doing this work.

You continue to say that without writing up your use case for review in this WG 
(or anywhere, as far as I can tell). The best way to support your use case is 
to write it down, not just snipe at those who have written theirs down.

--Paul Hoffman


_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
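The exchange above turns on what a TLSA record for an authoritative server's TLS key would actually buy a client: the record only means something once DNSSEC validation has vouched for it, and a mistyped record in a validated zone is a hard failure rather than a silent no-op. The following is an added example (not code from the thread, from either Paul, or from any IETF draft) that builds the "3 1 1" record an operator would publish for a server key and then runs the client-side decision under both a validating and a non-validating resolver. It assumes the TLS stack has already handed over the server certificate's DER SubjectPublicKeyInfo; the sample SPKI bytes are constructed for the example, and the choice to treat an all-unusable RRset as "no usable DANE" (falling back to opportunistic TLS, as RFC 7672 does for SMTP) is a policy assumption made here, not something the thread specifies.

```python
"""TLSA (RFC 6698) record construction and matching for a DANE-style check
of a TLS server key, gated on DNSSEC validation.

Added example for the dns-privacy thread; not the thread's or any IETF
draft's code.  Stdlib only.  Extracting the SubjectPublicKeyInfo from the
server certificate is assumed to be done by the TLS library.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Iterable, Optional

# TLSA field values from RFC 6698 / RFC 7671.
USAGE_DANE_EE = 3   # end-entity key; no PKIX chain required
SELECTOR_SPKI = 1   # match the SubjectPublicKeyInfo, not the whole cert
MATCH_FULL = 0      # association data is the selected data itself
MATCH_SHA256 = 1    # association data is SHA-256 of the selected data

# Constructed sample: DER SubjectPublicKeyInfo for an Ed25519 key (RFC 8410):
# a 12-byte header (SEQUENCE, AlgorithmIdentifier id-Ed25519, BIT STRING)
# followed by 32 raw key bytes.  The key bytes are made up for this example.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    matching_type: int
    data: bytes

    def to_wire(self) -> bytes:
        """RDATA wire format: three octets of parameters, then the data."""
        return struct.pack("!BBB", self.usage, self.selector, self.matching_type) + self.data

    @classmethod
    def from_wire(cls, rdata: bytes) -> "TLSA":
        if len(rdata) < 3:
            raise ValueError("TLSA RDATA too short")
        usage, selector, mtype = struct.unpack("!BBB", rdata[:3])
        return cls(usage, selector, mtype, rdata[3:])

    def presentation(self) -> str:
        """Zone-file form, e.g. '3 1 1 <hex>'."""
        return f"{self.usage} {self.selector} {self.matching_type} {self.data.hex()}"


def tlsa_for_spki(spki_der: bytes) -> TLSA:
    """Build the '3 1 1' record an operator would publish for a server key."""
    return TLSA(USAGE_DANE_EE, SELECTOR_SPKI, MATCH_SHA256,
                hashlib.sha256(spki_der).digest())


def record_matches(rec: TLSA, spki_der: bytes) -> Optional[bool]:
    """True/False if the record is usable and matches/mismatches the served
    key; None if this client cannot use the record at all."""
    if rec.usage != USAGE_DANE_EE or rec.selector != SELECTOR_SPKI:
        return None  # other usages/selectors need chain or cert handling not modelled here
    if rec.matching_type == MATCH_SHA256:
        return hashlib.sha256(spki_der).digest() == rec.data
    if rec.matching_type == MATCH_FULL:
        return spki_der == rec.data
    return None  # unknown matching type: unusable, per RFC 7671


def evaluate(records: Iterable[TLSA], spki_der: bytes, dnssec_validated: bool) -> str:
    """Decide what a DANE-aware client does with a TLSA RRset.

    'unauthenticated': no validated, usable TLSA data, so the connection can
                       at best be opportunistic (unauthenticated) TLS.
    'authenticated':   a validated, usable record matched the served key.
    'reject':          validated, usable records exist but none match: either
                       a 'just stuffed' wrong record or a real MITM.  A
                       validating client must fail closed here.
    Without DNSSEC validation the records are ignored entirely; an attacker
    who can spoof the TLSA RRset could otherwise just publish their own key.
    """
    if not dnssec_validated:
        return "unauthenticated"
    verdicts = [record_matches(r, spki_der) for r in records]
    usable = [v for v in verdicts if v is not None]
    if not usable:
        return "unauthenticated"  # policy assumption: all-unusable == no DANE (RFC 7672 style)
    return "authenticated" if any(usable) else "reject"


if __name__ == "__main__":
    published = tlsa_for_spki(SAMPLE_SPKI)
    print("publish:", published.presentation())
    typo = TLSA(USAGE_DANE_EE, SELECTOR_SPKI, MATCH_SHA256, bytes(32))
    for validated in (True, False):
        print(f"validated={validated}: correct ->",
              evaluate([published], SAMPLE_SPKI, validated),
              "| typo ->", evaluate([typo], SAMPLE_SPKI, validated))
```

Run as a script it prints the record to publish and the four outcomes. The non-validating row is the first point Hoffman makes: the client cannot distinguish a genuine TLSA RRset from a spoofed one, so the record is ignored and the connection stays opportunistic. The "typo" row under validation is the second point: a record whose hash does not match the served key produces a hard reject, which is exactly the outage a carelessly published record causes for validating clients.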
