I do not believe we should adopt this document.

While I think it would be useful to have a mechanism for auto-upgrading
recursive-to-authoritative resolution to TLS, and that may involve some
level of insecure discovery, the whole emphasis on opportunistic in this
draft goes in the wrong direction. The intent should be to get to the state
where you are secure from active attack as soon as possible. In particular,
I'm not aware of any valid reason why we should endorse the use of
unverifiable certificates as described in S 5.

-Ekr




On Fri, Jan 29, 2021 at 5:24 AM Brian Haberman <[email protected]>
wrote:

> All,
>      This starts a DPRIVE WG call for adoption for
> draft-pp-recursive-authoritative-opportunistic
> (
> https://datatracker.ietf.org/doc/draft-pp-recursive-authoritative-opportunistic/
> ).
> The focus of the call is the protocol defined in the draft. Please reply
> to the mailing list with your views on the WG adopting the document and
> your supporting arguments.
>
>      This call will end on February 12, 2021 at 11:59pm UTC.
>
> Regards,
> Brian & Tim
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
>