> -----Original Message-----
> From: dns-privacy <[email protected]> On Behalf Of Stephen Farrell
> Sent: Friday, March 26, 2021 10:02 PM
> To: Eric Rescorla <[email protected]>; Jim Reid <[email protected]>
> Cc: DNS Privacy Working Group <[email protected]>; Bill Woodcock <[email protected]>
> Subject: [EXTERNAL] Re: [dns-privacy] [Ext] next steps for draft-opportunistic-adotq
>
> Hiya,
>
> Not asking anyone in particular but...
>
> On 27/03/2021 00:24, Eric Rescorla wrote:
> > WRT the operational risk (slide 3), it's likely true that it's
> > somewhat harder to run a DoX server than a Do53 server. However, given
> > that we have plenty of worked examples of TLS servers of comparable if
> > not greater scale being operated with high reliability (e.g., Google,
> > Fastly, Cloudflare, etc.), I think there's pretty strong evidence that
> > this is an operational issue that can be addressed.
>
> That's been said a number of times, and I think has a fairly clear ring of
> truth to it, but yet it somehow doesn't seem to sway those who operate larger
> scale Do53 services today.
>
> Can anyone help me understand that?
>
> I could understand if the justifications were down to stability or cost,
> either of which could be valid engineering reasons why someone might prefer
> the status-quo, but I don't think I've seen the argument made explicit in
> either of those ways.
>
> I don't have first-hand knowledge of this, so it'd help me at least if the
> reasons why DoH or DoT are hard for (especially the likes of .com/.net) could
> be further clarified.

[SAH] I'm working on a more detailed response, but in the meantime it might help to read this expired Internet-Draft:

https://www.ietf.org/archive/id/draft-hal-adot-operational-considerations-02.txt

Scott
