On Nov 4, 2020, at 12:29 AM, Stephane Bortzmeyer <[email protected]> wrote:
>
> On Mon, Nov 02, 2020 at 02:54:13PM -0800, [email protected] <[email protected]> wrote a message of 43 lines which said:
>
>> Title : DNS Privacy Requirements for Exchanges between Recursive Resolvers and Authoritative Servers
>> Authors : Jason Livingood, Alexander Mayrhofer, Benno Overeinder
>> Filename : draft-ietf-dprive-phase2-requirements-02.txt
>
> In 5.1, items 2 and 3 may require some clarification. For instance, "A recursive resolver that supports recursive-to-authoritative DNS encryption MUST be able to determine whether or not a given authoritative name server to which it intends to connect also supports recursive-to-authoritative DNS encryption." An obvious way to fulfill this requirement is to try to start TLS on port 853 and see if it works. But I guess item 2 was instead about the ability to determine IN ADVANCE, before connecting, if encryption is supposed to be supported?
It would be useful if a resolver could tell in advance, and at a cost less than port-checking. There could be new protocols developed to do that. I don't see this as a requirement, though, given the low cost of port-checking.

--Paul Hoffman
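The "try TLS on port 853 and see if it works" check discussed above, written out as an added example (it is not code from the draft, the thread, or any resolver implementation). It opens a TCP connection to the DoT port, attempts a TLS handshake, and classifies the outcome, since a resolver has to distinguish "port closed" (no encryption offered) from "filtered" (unknown) and from "port open but the handshake fails" (which includes a certificate that does not verify under the strict profile). The `ProbeResult` type, the status names, the `verify` switch, the injectable `connect` parameter and the loopback listener used for the offline demonstration are all this example's own assumptions.

```python
"""Probe whether a name server offers DNS over TLS on port 853 (added example).

The classification scheme, the `connect` injection point and the constructed
loopback scenario below are assumptions of this example, not part of the draft.
"""
import socket
import ssl
import threading
from dataclasses import dataclass
from typing import Callable, Optional

DOT_PORT = 853  # DNS over TLS port (RFC 7858)


@dataclass
class ProbeResult:
    host: str
    status: str   # "dot" | "refused" | "timeout" | "tls_failed" | "error"
    detail: str = ""


def make_context(verify: bool = True) -> ssl.SSLContext:
    """Strict profile verifies the server certificate; opportunistic does not."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe_dot(host: str, port: int = DOT_PORT, timeout: float = 2.0,
              verify: bool = True,
              connect: Optional[Callable[..., socket.socket]] = None) -> ProbeResult:
    """Open TCP, then TLS, to host:port and report which step failed, if any.

    `connect` defaults to socket.create_connection; it is injectable so the
    classification logic can be exercised without network access.
    """
    connect = connect or socket.create_connection
    try:
        raw = connect((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:        # port closed: no DoT offered
        return ProbeResult(host, "refused", str(exc))
    except socket.timeout:                       # filtered or unreachable: unknown
        return ProbeResult(host, "timeout", "no TCP connection within timeout")
    except OSError as exc:                       # no route, name lookup failure, ...
        return ProbeResult(host, "error", str(exc))

    try:
        # wrap_socket takes over the fd and closes it itself if the handshake fails.
        with make_context(verify).wrap_socket(raw, server_hostname=host) as tls:
            return ProbeResult(host, "dot", tls.version() or "")
    except ssl.SSLError as exc:                  # open port, but not (valid) TLS
        return ProbeResult(host, "tls_failed", str(exc))
    except socket.timeout:
        return ProbeResult(host, "timeout", "TLS handshake timed out")
    except OSError as exc:
        return ProbeResult(host, "error", str(exc))


# Constructed stand-ins for the network, used to show the two non-TLS outcomes.
def refused_connect(address, timeout=None):
    raise ConnectionRefusedError(111, "Connection refused")


def slow_connect(address, timeout=None):
    raise socket.timeout("timed out")


def demo_plain_listener() -> ProbeResult:
    """Constructed scenario: a loopback listener that accepts the connection
    but answers with plain text instead of a ServerHello. The probe must
    report tls_failed, not dot."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))               # ephemeral port, loopback only
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        conn.settimeout(5)
        try:
            conn.recv(4096)                  # drain the ClientHello
            conn.sendall(b"NOT TLS\r\n")     # garbage where a TLS record belongs
            conn.recv(4096)                  # wait for the client's FIN, avoids RST
        except OSError:
            pass
        finally:
            conn.close()
            srv.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    result = probe_dot("127.0.0.1", port=port, timeout=5, verify=False)
    worker.join(5)
    return result


if __name__ == "__main__":
    print(probe_dot("ns.example", connect=refused_connect))
    print(probe_dot("ns.example", connect=slow_connect))
    print(demo_plain_listener())
```

Only `refused` is a definite "no encryption here"; `timeout` leaves the question open, and `tls_failed` under the strict profile may mean a working but unauthenticated server, which is exactly the distinction between strict and opportunistic behaviour a resolver policy has to make.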
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
