Hiya,
On 15/02/2021 22:24, Paul Hoffman wrote:
Does this sound like a good approach going forward.
Not to me sorry;-( A. I don't understand the proposal. B. I want an oppo protocol to be a stepping stone to an authenticated one. There must be some changes to tale that last step of course, but they need to be something that can co-exist with the oppo variant and also be trivially easy for those deploying (e.g. no need to change anything other than a cert maybe). I'm not clear if you're proposal would make that harder but it sure sounds like it would. (That said I'm not aware of any practical-to-deploy-soon authenticated scheme and don't want to wait for DNSSEC to take over the universe, much as I'd be happy if it did.) S.
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
