Talked with Jim Roskind, who did the QUIC talk back in Vancouver. I include his comments:

----

I actually discussed this in a hallway discussion at the Canada IETF meeting.

I think it would fit well, as it has the potential to offer zero-RTT connect (similar to what DNS over UDP effectively supports today), and yet it will better (actually) handle guaranteed delivery, as well as deal with large return packages (DNSSEC). DNS currently supports (sadly) an amplification attack of about 50x, and in QUIC, we worked hard to control this problem.

It is also nice that it is encrypted.... which means that folks will get some extra privacy, and not reveal (to observers) what they are resolving ;-).

One hassle is that we do try to encrypt/authenticate... and with an IP address only (pointing to the DNS resolver), I don't see a clean way to have a cert providing authentication :-/. I guess you *could* implant (into a client) a combination of both the DNS resolver's IP address, *plus* an expected server name. Fun stuff to ponder ;-).

IMO, interesting, and plausibly nice, fit.

Jim

---------
On 3/5/14, 2:19 PM, Stephane Bortzmeyer wrote:
On Wed, Mar 05, 2014 at 11:33:07AM +0000,
  Miek Gieben <m...@miek.nl> wrote
  a message of 22 lines which said:

Can't we use QUIC
(http://www.ietf.org/proceedings/88/slides/slides-88-tsvarea-10.pdf) ?

It seems to me that a lot of use cases covered in dnse are being addressed
in this protocol.

It's partly a problem of timing. How long before QUIC is ready and
implemented?

But you're right, I'll add it to the next version of
draft-bortzmeyer-dnsop-privacy-sol.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

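Jim's two technical points above, that a UDP resolver is a roughly 50x reflection amplifier while QUIC bounds what a server will send before the client proves it owns its source address, as an added example that is not part of this thread or of any QUIC or DNS implementation. The 3x cap is the rule RFC 9000 later standardised, not the 2014 source-address-token mechanism Jim refers to; the 3000-byte answer, the addresses, the HMAC secret and the "RETRY" token framing are all constructed for the demo.

```python
"""Added example (not from the thread): a UDP resolver as a reflection
amplifier, next to a server that applies QUIC's address-validation rule.
All packets, addresses and sizes are constructed inline; no network I/O."""
import hashlib
import hmac
import struct

# RFC 9000 s8.1: a server sends at most 3x the bytes it has received from an
# address until that address is validated.  The 2014 design Jim describes
# used a source-address token for the same purpose.
AMPLIFICATION_LIMIT = 3

# Stand-in for a large DNSSEC answer.  Size is assumed, not measured.
SIGNED_ANSWER = bytes(3000)
VICTIM = "198.51.100.7"  # constructed (documentation range)


def build_dns_query(name: str, qtype: int = 255) -> bytes:
    """Minimal RFC 1035 query: 12-byte header (RD set), one question, no EDNS.
    qtype 255 (ANY) is the classic choice for a small-query / big-answer pair."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


class PlainUdpResolver:
    """Classic DNS over UDP: answers whatever source address the packet claims."""

    def __init__(self, answer: bytes):
        self.answer = answer

    def handle(self, src: str, datagram: bytes, token: bytes = b"") -> bytes:
        return self.answer


class AddressValidatingResolver:
    """Refuses to send more than AMPLIFICATION_LIMIT x the bytes received from
    a source until that source echoes a server-issued token, which proves it
    can receive packets at that address (the Retry / token idea in QUIC)."""

    def __init__(self, answer: bytes, secret: bytes = b"demo-secret"):
        self.answer = answer
        self.secret = secret          # constructed; a real server rotates this
        self.received = {}            # src -> bytes received so far
        self.sent = {}                # src -> bytes sent while unvalidated
        self.validated = set()

    def _token(self, src: str) -> bytes:
        # Bound to the source address, so a token issued to one host cannot
        # validate packets claiming to come from another.
        return hmac.new(self.secret, src.encode(), hashlib.sha256).digest()[:16]

    def handle(self, src: str, datagram: bytes, token: bytes = b"") -> bytes:
        self.received[src] = self.received.get(src, 0) + len(datagram) + len(token)
        if token and hmac.compare_digest(token, self._token(src)):
            self.validated.add(src)
        if src in self.validated:
            return self.answer
        retry = b"RETRY" + self._token(src)   # 21 bytes; the only unvalidated reply
        budget = AMPLIFICATION_LIMIT * self.received[src] - self.sent.get(src, 0)
        if len(retry) > budget:
            return b""                        # budget exhausted: stay silent
        self.sent[src] = self.sent.get(src, 0) + len(retry)
        return retry


def spoofed_flood(server, query: bytes, count: int) -> float:
    """Attacker sends `count` queries with VICTIM as the forged source and never
    sees the replies.  Returns bytes delivered to the victim per attacker byte."""
    delivered = sum(len(server.handle(VICTIM, query)) for _ in range(count))
    return delivered / (count * len(query))


def legit_exchange(server, src: str, query: bytes, cached_token: bytes = b""):
    """Honest client.  Returns (round_trips, answer_length, token).  The first
    contact costs an extra RTT for the Retry; reusing the token on a later
    connection gets the answer in one trip (the 0-RTT benefit Jim mentions)."""
    reply = server.handle(src, query, cached_token)
    trips = 1
    if reply.startswith(b"RETRY"):
        cached_token = reply[len(b"RETRY"):]
        reply = server.handle(src, query, cached_token)
        trips = 2
    return trips, len(reply), cached_token


if __name__ == "__main__":
    q = build_dns_query("example.com")
    print("query bytes:", len(q))
    print("plain UDP  amplification: %.1fx" % spoofed_flood(PlainUdpResolver(SIGNED_ANSWER), q, 100))
    print("validating amplification: %.2fx" % spoofed_flood(AddressValidatingResolver(SIGNED_ANSWER), q, 100))
    trips, n, tok = legit_exchange(AddressValidatingResolver(SIGNED_ANSWER), "192.0.2.10", q)
    print("honest client: %d trips, %d-byte answer" % (trips, n))
```

With a 29-byte ANY query and a 3000-byte answer the plain resolver hands the spoofed victim over 100 bytes per attacker byte, in the range Jim quotes; the gated server never sends an unvalidated address more than a 21-byte Retry, so the attacker gets less back than it put in. The toy validates per source address only; real QUIC ties validation to the connection as well, so a spoofer cannot ride on an address some honest client validated earlier.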
