On 31/03/2021 02:56, Rob Sayre wrote:
On Tue, Mar 30, 2021 at 6:36 PM Stephen Farrell <[email protected]> wrote:

Also fair. Requiring the parent to be involved is a big deal for any of the offered solutions here (regardless of whether or not DNSSEC is involved).

I don't think anyone expects any high-traffic piece of DNS infrastructure to just flip a switch and enable TLS or equivalent. But, I also think it's increasingly untenable to claim a server can serve traffic at all, unless it can support TLS 1.3 or something similar.

I don't really disagree, but in the case of SMTP/TLS afaik some of the major service providers had to discover that themselves before they believed it, and I can well imagine the kind of reluctance that might exist within the set of people who have to keep stuff working. A switch from Do53 to DoT or DoH is also arguably a bigger change so I'm not too surprised that there are cold feet that may need to be encouraged to approach the source of warmth:-)

Cheers,
S.

thanks, Rob
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
