Hiya,

Not asking anyone in particular but...

On 27/03/2021 00:24, Eric Rescorla wrote:
> WRT the operational risk (slide 3), it's likely true that it's somewhat harder to run a DoX server than a Do53 server. However, given that we have plenty of worked examples of TLS servers of comparable if not greater scale being operated with high reliability (e.g., Google, Fastly, Cloudflare, etc.), I think there's pretty strong evidence that this is an operational issue that can be addressed.

That's been said a number of times, and I think has a fairly clear ring of truth to it, but yet it somehow doesn't seem to sway those who operate larger scale Do53 services today. Can anyone help me understand that?

I could understand if the justifications were down to stability or cost, either of which could be valid engineering reasons why someone might prefer the status-quo, but I don't think I've seen the argument made explicit in either of those ways. I don't have first-hand knowledge of this, so it'd help me at least if the reasons why DoH or DoT are hard for (especially the likes of .com/.net) could be further clarified.

Thanks,
S.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
