On Feb 15, 2021, at 2:36 PM, Stephen Farrell <[email protected]> wrote:
>
> Hiya,
>
> On 15/02/2021 22:24, Paul Hoffman wrote:
>> Does this sound like a good approach going forward.
>
> Not to me sorry;-(
>
> A. I don't understand the proposal.

Fair enough, because I didn't propose one yet, just asking the WG if they thought that would be helpful, given that the proponents of fully-authenticated have not yet shown interest in publishing a draft.

> B. I want an oppo protocol to be a stepping stone to
> an authenticated one.

Yes, definitely.

> There must be some changes to
> take that last step of course, but they need to be
> something that can co-exist with the oppo variant and
> also be trivially easy for those deploying (e.g. no
> need to change anything other than a cert maybe).

That might be sufficient, or maybe there has to be one other thing, hopefully also trivial.

> I'm
> not clear if your proposal would make that harder
> but it sure sounds like it would.

Optimally, it would not.

> (That said I'm not
> aware of any practical-to-deploy-soon authenticated
> scheme and don't want to wait for DNSSEC to take over
> the universe, much as I'd be happy if it did.)

Well, exactly.

--Paul Hoffman
