On Nov 4, 2020, at 9:18 AM, Eric Rescorla <[email protected]> wrote:
> On Wed, Nov 4, 2020 at 7:11 AM Paul Hoffman <[email protected]> wrote:
>> The prevention of downgrade attacks is not needed for the use case that has
>> been described so far (opportunistic encryption). It is only needed for the
>> use case that has not been described (failed DNS resolution when
>> authentication is not possible).
>>
> What do you mean by "has been described"? You basically just described both
> of these.

Only basically. So far on the list, only part of the mechanism (do authentication) has been described. The rest of the mechanism (what to do when authentication for the first server tried fails) and the use case (why you would want to fail DNS resolution) have not.

--Paul Hoffman
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
