All,
I want to start working through the details of what Stephen is
proposing below; beginning to do operational experiments to determine
which approach, or approaches, may be viable in the long term. To carry
out such experiments, I believe we need the following:1. A stable I-D for an approach to providing privacy between recursive resolvers and authoritative servers, 2. An implementation of the stable I-D in a recursive resolver and in an authoritative server implementation, 3. At least one authoritative server operator willing to deploy the experimental implementation, 4. At least one recursive resolver operator willing to deploy the experimental implementation, 5. An agreed upon set of metrics to assess the operational behavior of the approach, Is there a major item missing from the list above? Other aspects of carrying out such an experiment? Are there any volunteers to start working on details of such an experiment? Regards, Brian On 8/2/21 9:22 AM, Stephen Farrell wrote: > > Hiya, > > On 02/08/2021 05:21, Martin Thomson wrote: >> If we decided on a single answer for the first and in the negative >> for the second, would that make authentication viable? > > IMO we ought not just "decide" on most of the tricky ADoX > issues but we should rather document the options sufficient > to allow people to do experiments and then wait and see how > those experiments go. I'd say a stable I-D is probably > enough documentation to allow for experiments and I'd hope > such experiments could be done in 6-12 months. I'd expect > we might still be left with a few tricky issues, but that > a number of those (where we might make wrong choices now) > would be resolved once people try 'em out. > > So my suggestion is to review the I-Ds we have with a view > to figuring out what's missing that's needed to allow such > experiments, fix that and then "park" those I-Ds 'till we > get results. That could be similar to how drafts are declared > to be "interop drafts" in other WGs or could be a WGLC-like > process. > > If we decided to try go that way, I'd be happy to try help > get some such experiment going. > > Cheers, > S. > > _______________________________________________ > dns-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dns-privacy >
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
