Hello DPRIVE,

First, a recap of my IETF110 presentation for those who missed it. I
explained that the recent version of our opportunistic/unauthenticated
draft (draft-ietf-dprive-opportunistic-adotq-01) included a rough
skeleton of support for an authenticated use case, because no other
proposal for that was alive at the time. Shortly after, another draft
(draft-rescorla-dprive-adox-latest-00) describing an authenticated
approach appeared. I suggested in my presentation that we take
authentication out of our draft so that the two use cases (being
'unauthenticated' and 'authenticated') can progress side by side.

draft-rescorla-dprive-adox-latest-00 proposes SVCB as a discovery
mechanism instead of our TLSA, and this sounds good to us. The
unauthenticated use case only needs discovery, so SVCB appears to be an
even better fit than TLSA. SVCB also provides more protocol
flexibility.

Our proposal for a way forward:

* We take authentication out of draft-ietf-dprive-opportunistic-adotq
again.
* We give the draft a somewhat more accurate name, as the switch to
SVCB stops us being limited to DoT and DoQ (although I really do wonder
if there is any appetite for DoH on the recursive<>auth path).
* We let the drafts develop side by side, making sure they use similar
wording where appropriate, and don't get in each other's way.

Cheers, Paul&Peter
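
The SVCB-based discovery that the message prefers over TLSA, shown as an added example that is not part of Paul and Peter's mail nor code from either draft: a minimal encoder and parser for SVCB RDATA, and a resolver-side selection of an encrypted transport from the advertised ALPN list. The SvcParamKey numbers (alpn=1, port=3) and the strict key ordering are taken from the SVCB specification; the ALPN identifiers "dot", "doq" and "h2" are the registered ones for DoT, DoQ and DoH; the nameserver name, priority and preference order are constructed for the example.

```python
import struct

# SvcParamKey codepoints from the SVCB specification (constructed example, not from the mail)
SVCB_KEY_ALPN = 1
SVCB_KEY_PORT = 3

# Example preference order when several encrypted transports are offered (an assumption)
TRANSPORT_PREFERENCE = ["doq", "dot", "h2"]


def encode_name(name):
    """Encode a dotted hostname as uncompressed DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Decode an uncompressed wire-format name; SVCB targets may not use compression."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in SVCB TargetName")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def build_svcb_rdata(priority, target, alpns, port=None):
    """Build SVCB RDATA advertising the given ALPN transports (keys emitted in increasing order)."""
    rdata = struct.pack("!H", priority) + encode_name(target)
    alpn_value = b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpns)
    rdata += struct.pack("!HH", SVCB_KEY_ALPN, len(alpn_value)) + alpn_value
    if port is not None:
        rdata += struct.pack("!HH", SVCB_KEY_PORT, 2) + struct.pack("!H", port)
    return rdata


def parse_svcb_rdata(rdata):
    """Parse SVCB RDATA into (priority, target, params); rejects malformed or misordered params."""
    priority = struct.unpack("!H", rdata[:2])[0]
    target, off = decode_name(rdata, 2)
    params = {}
    last_key = -1
    while off < len(rdata):
        if len(rdata) - off < 4:
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack("!HH", rdata[off:off + 4])
        off += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly increasing")
        last_key = key
        value = rdata[off:off + length]
        off += length
        if len(value) != length:
            raise ValueError("truncated SvcParam value")
        if key == SVCB_KEY_ALPN:
            alpns, i = [], 0
            while i < len(value):
                n = value[i]
                i += 1
                alpns.append(value[i:i + n].decode("ascii"))
                i += n
            params["alpn"] = alpns
        elif key == SVCB_KEY_PORT:
            params["port"] = struct.unpack("!H", value)[0]
        else:
            params[key] = value  # unknown keys are kept opaque
    return priority, target, params


def choose_transport(params):
    """Pick the first preferred encrypted transport the SVCB record advertises, else None."""
    for proto in TRANSPORT_PREFERENCE:
        if proto in params.get("alpn", []):
            return proto
    return None


if __name__ == "__main__":
    # Constructed record: ns1.example.net offers DoT and DoQ on port 853
    rdata = build_svcb_rdata(1, "ns1.example.net.", ["dot", "doq"], port=853)
    prio, target, params = parse_svcb_rdata(rdata)
    print(prio, target, params, "->", choose_transport(params))
```

The parser deliberately rejects out-of-order keys and truncated values, since a resolver consuming these records from the network has to treat them as untrusted input; a record without any recognised ALPN simply yields no encrypted transport, which is the fallback the opportunistic use case expects.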


_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy