On Mon, Feb 15, 2021 at 3:15 PM Stephen Farrell <[email protected]> wrote:
> > > On 15/02/2021 23:05, Eric Rescorla wrote: > > Sure, I can believe that. I'm not any kind of DNS expert, but it's hard > to > > believe we can't invent*some* signal that you use to ask whoever served > > you the NS records. > > Yep. I think someone had a presentation a while back about > how all the approaches considered so far were dead ends or > impractical and why. > If someone could point me at that, I would be appreciative. -Ekr > So it may be that a new RRTYPE is needed, in which case, I > gotta ask why that has a better chance than DNSSEC+DANE, as > those seem similarly challenging to me. > > Of course, if there were something that strongly motivated > DNS actors (registrars, TLDs, server operators) that'd be > different but I don't think I've heard of anything that's > attractive like that and that meets this requirement. (So > there's no equivalent of the HTTPS RRTYPE here that's been > suggested so far and that appeals to almost all actors.) > > Cheers, > S. > >
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
