On Sep 14, 2021, at 9:25 AM, Brian Haberman <[email protected]> wrote:
> In the interest of moving work forward, the chairs would like to
> solicit reviews for
> https://datatracker.ietf.org/doc/html/draft-schwartz-ds-glue-02
>
> We are especially interested in implementer and operator views on the
> approach described in the draft.
>
> Please review and provide comments to the mailing list, chairs, or authors.

The follow-up discussion has been hard to follow because some people are assuming one or the other use case for recursive-to-authoritative encryption, and then further assuming problems with deployment.

Unauthenticated recursive-to-authoritative does not need the DSGLUE proposal in order to succeed. However, if DSGLUE is standardized and implemented, resolvers using unauthenticated recursive-to-authoritative will encrypt more of their traffic, which is a good thing.

Fully-authenticated recursive-to-authoritative requires DSGLUE or a similar mechanism in order to be able to set up authenticated resolution in a timely fashion (that is, without further record searching or probing).

These two considerations make me think that completing the DSGLUE proposal will help increase the amount of encryption of DNS traffic, and is therefore a good thing.

--Paul Hoffman

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
