> -----Original Message-----
> From: dns-privacy [mailto:[email protected]] On Behalf Of Nicholas
> Weaver
> Sent: Thursday, April 24, 2014 1:58 AM
> To: Paul Wouters
> Cc: dnsop; Nicholas Weaver; [email protected]
> Subject: Re: [dns-privacy] [DNSOP] DNS over DTLS (DNSoD)
> 
> 
> On Apr 23, 2014, at 1:00 PM, Paul Wouters <[email protected]> wrote:
> > No, I fully disagree with this. Port 53 TCP has a much better chance
> > at working these days than a random other newly assigned port.

On the contrary, firewalls are configured today to permit UDP port 53 and block 
TCP port 53. Why should firewalls change their configuration?
DNSoD does not require any changes to the firewall configuration. Browsers 
already support DTLS because of WebRTC (SRTP-DTLS for media streams, SCTP over 
DTLS over UDP for data channels).

Cheers,
-Tiru

> 
> Not true.  Port 53 is far more molested than "random":  INBOUND firewall rules
> prevent you from running new services without firewall rule modifications, but
> outbound blocking is far less common.  (Our test port for this is TCP 1947
> with Netalyzr).
> 
> 
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> [email protected]                full of sound and fury,
> 510-666-2903                                 .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop