Hi dprive,

dkg and I have been working on a draft [1] on unilateral, opportunistic DNS probing for encrypted connections between recursive resolvers and authoritative servers. We welcome the group's feedback on the early work we have so far.

[1] https://dkg.gitlab.io/dprive-unilateral-probing/

The draft's main difference from draft-ietf-dprive-unauth-to-authoritative is that we currently focus on probing instead of signaling; we're trying to define *how* to probe for encrypted transports in a way that is the most efficient (that is, that introduces the smallest costs to the participants in the ecosystem), without introducing any new protocol elements.

From drafting this proposal, we believe that signaling seems necessary for strong (authenticated) encryption, but we don't think that there is any reason to delay deployment of protection against passive observers while the WG hashes out the details of the signal. We also think this proposal highlights some of the most relevant factors potentially needed in the signal.

We will present the work at the upcoming DPRIVE meeting at IETF 112 (Thursday Session I, 12:00-14:00 UTC).

All your comments, critiques, and suggestions very much welcome,

-- dkg and Joey
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
