On Tue, May 25, 2021 at 2:28 PM Paul Wouters <p...@nohats.ca> wrote:

> On May 25, 2021, at 17:16, Tim Wicinski <tjw.i...@gmail.com> wrote:
> >
> >
> > All
> >
> > The authors took the advice from the working group and extracted the more common features
> > into a separate document. The chairs would like the working group to give some comments, as
> > we feel a document like this should be considered for adoption.
>
> I had not responded on purpose. As indicated in the past, I find the gains
> of encrypting but not authenticating authoritative servers not very useful.
>

I agree with this. The fundamental question here is whether we want to build a mechanism for authenticated ADoX or not; and if so, whether there are technical mechanisms that make it possible/practical. I don't believe we have consensus on this point (indeed, PaulW and I disagree on that), and so just trying to pull out those mechanisms while avoiding this issue seems not very productive.

-Ekr

> We have an existing authentication mechanism for authenticating
> authoritative servers (DNSSEC) that we should spend our energy on promoting
> instead of writing more RFCs about securing the transport leaving the
> transported data vulnerable to manipulation by an ever more centralized
> resolver farm.
>
> Paul
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
>