On Tue, Mar 30, 2021 at 5:08 PM Erik Kline <[email protected]> wrote:
>
> On Tue, Mar 30, 2021 at 5:01 PM Rob Sayre <[email protected]> wrote:
>
>> On Tue, Mar 30, 2021 at 7:49 AM Hollenbeck, Scott <shollenbeck=
>> [email protected]> wrote:
>>
>>> This is worth reading:
>>>
>>> https://root-servers.org/media/news/Statement_on_DNS_Encryption.pdf
>>
>>
>> I am not sure I agree it is worth reading.
>>
>> Why can't "The Root Server Operators" run QUIC etc as well as their
>> existing UDP methods?
>>
>> thanks,
>> Rob
>>
>
> (no hats)
>
> From my reading the answer, and the whole document, seems to be
> summarizable in this one excerpt:
>
> "Root Server Operators do not feel comfortable being the early
> adopters of authoritative DNS encryption and would like to first see
> increased deployment in other parts of the DNS hierarchy."
>
> Seems fair to me, for the time being.
>

As I said earlier, this seems overly conservative given our experience with large scale TLS-based services. With that said, this doesn't seem to me to present a severe problem: there are a relatively small number of TLD servers, so we could probably create a lookaside list of which ones support TLS as suggested in draft-rescorla-dprive-adox-latest-00 Section 3,

-Ekr
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
