Moin!
On 13 Mar 2023, at 0:43, Brian Haberman wrote:
> The chairs will note that the document is currently marked as Proposed
> Standard and that there has been a suggestion to move it to Experimental. If
> you have an opinion on the status at this time, please include it in your
> feedback to the WG mailing list. We will revisit the status of the document
> before it gets advanced to our AD.
As I don’t think probing for secure transport is a good idea and hope that we
will come up with better solutions that follow the DNS delegation model, which
would make this draft obsolete, I think it is prudent to mark it experimental.
Overall I think the draft is going into too much implementation detail, which
is shown by real world implementations having slightly different choices.
While I think using IP addresses for authoritative server selection is a
natural choice, there have been cases where an authoritative server on the same
IP answers differently depending on the domain asked, which will not work well
with the detailed implementation of that draft.
Another thing I find a bit strange is that in
4.6.7. Handling Clean Shutdown of an Encrypted Transport Connection
the encrypted resolution is tried immediately again with no back-off time. This
makes it hard for the authoritative server that wants to limit resource
exhaustion. Why are we not using the dampening timer here and instead force the
authoritative server to have an unclean shutdown (4.6.5) in order to keep the
client away for some time?
So long
-Ralf
——-
Ralf Weber
_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
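A toy model of the two behaviours contrasted in the message above (reconnecting at once after a clean shutdown versus applying the dampening timer, as is done after an unclean shutdown). This is an added example, not code from the draft or from any resolver; the damping interval, the per-server state object and the `damp_on_clean` switch are assumptions made for illustration.

```python
"""Per-authoritative-server encrypted-transport state in a resolver (toy model).

Assumptions (not from the draft): a fixed damping interval, state keyed per
server, and a switch selecting whether a clean shutdown is damped.
"""
from dataclasses import dataclass

DAMPING_SECONDS = 300.0  # assumed length of the dampening timer


@dataclass
class TransportState:
    damped_until: float = 0.0     # encrypted attempts suppressed before this time
    encrypted_attempts: int = 0   # connections the resolver opened to this server

    def should_try_encrypted(self, now: float) -> bool:
        """Encrypted transport is attempted only once the timer has expired."""
        return now >= self.damped_until

    def on_clean_shutdown(self, now: float, damp_on_clean: bool) -> None:
        # Draft behaviour (damp_on_clean=False): no back-off, the next query
        # may reconnect immediately.  Alternative raised in the message
        # (damp_on_clean=True): start the same timer as for an unclean close.
        if damp_on_clean:
            self.damped_until = now + DAMPING_SECONDS

    def on_unclean_shutdown(self, now: float) -> None:
        # Unclean shutdown always keeps the client away for the damping period.
        self.damped_until = now + DAMPING_SECONDS


def simulate(shutdown: str, damp_on_clean: bool,
             queries: int = 5, gap: float = 1.0) -> int:
    """Count encrypted connection attempts when the authoritative server closes
    the connection ('clean' or 'unclean') after every query.  Queries arrive
    `gap` seconds apart; this is constructed traffic, not a capture."""
    state = TransportState()
    now = 0.0
    for _ in range(queries):
        if state.should_try_encrypted(now):
            state.encrypted_attempts += 1
            if shutdown == "clean":
                state.on_clean_shutdown(now, damp_on_clean)
            else:
                state.on_unclean_shutdown(now)
        now += gap
    return state.encrypted_attempts
```

With the draft's behaviour a server that closes cleanly after each query sees one new encrypted connection per query, whereas damping the clean shutdown (or closing uncleanly) reduces that to one connection per damping period.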