On Dec 9, 2021, at 19:18, Robert Evans <[email protected]> wrote:
>
> Hi dprive folks,
>
> TL;DR can we make incremental progress using TLSA as a signal?

Yes.

> Is anyone else interested in supporting this approach? I'm considering
> writing up an I-D for this and welcome early feedback about whether or not
> this might be worth adopting, at least for consideration on an experimental
> basis for early adopters.

Yes.

> p.s. Why not SVCB? In short it's unnecessary indirection and complexity. TLSA
> is minimal and sufficient for now. And nothing prevents SVCB from using (the
> same?) TLSA records in the future for TLS certificate associations.

On the fence on this one. We want to prevent needing to query for multiple records to determine nameserver support. So doing TLSA now and SVCB later would be less ideal, unless nameservers would throw both in the additional section.

Paul

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
