Hi,
Thanks for the feedback. I think one of the issues here is that DNS (at the OS Resolver) level is headless, meaning there may not be an interactive user logged into the device – however the DoH connection would still need to have some type of identity/auth for those use cases.

mTLS can work for this – but the PKI headache for customers might be a barrier.

I would prefer to use WebAuthN – but again that is an interactive-auth as there is no facility in WebAuthN for doing Device-level identity assertions today (headless) independent from the user identity.

-Vinny

From: Alec Muffett <[email protected]>
Sent: Tuesday, October 26, 2021 12:17 PM
To: Vinny Parla (vparla) <[email protected]>
Cc: [email protected]
Subject: Re: [dns-privacy] DoH Identity / Authentication...

On Tue, 26 Oct 2021, 17:10 Vinny Parla (vparla), <[email protected]> wrote:

> I would appreciate your thoughts/comments on this…

It sounds sensible to me. Please just make it usable via standard "curl" and/or amenable to standard web load-balancing.

Or simply ratify Auth/Basic and go from there?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication

-a
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
