Greetings again. We have produced draft-ietf-dprive-opportunistic-adotq-02 based on extensive WG feedback before, during, and after the WG meeting. A couple of big changes include:
- All that fully-authenticated description we added to -01 before the WG meeting because we didn't know that draft-rescorla-dprive-adox-latest was coming? We removed that from our draft and point to draft-rescorla-dprive-adox-latest instead.
- The WG has not agreed on any reason to do authentication in opportunistic resolver-to-authoritative DNS, so we removed any mention of it, and now just talk about unauthenticated encryption.
- We changed the signaling mechanism to SVCB to align with draft-rescorla-dprive-adox-latest.
- Even though -01 stated explicitly that the protocol was optional for all authoritative servers, it seems that people want more. We now say more and point to the new RootOps document.
- Given that the WG is getting close to finishing DoQ, we put DoQ on the same footing as DoT in the document. We added DoH because it comes for free with using SVCB as a signal.

Given that the document is no longer about full opportunistic encryption (just about unauthenticated encryption), and that it is not just about DoT and DoQ, we propose that we change the file name to draft-ietf-dprive-unauth-to-authoritative after the WG has had some time to comment on this -02.

--Peter and Paul
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
