On Jul 10, 2018, at 17:22, Adam Roach <[email protected]> wrote:

> Basically, you're describing a solution space that could be realized as 
> something like:
>
> <img src="https://example.com/img/f.jpg" ip="192.0.2.1">

Ok, interesting. I would suggest considering a richer scheme that
accommodates address families and multiple addresses with priorities,
but I see how that kind of thing would allow a client to do
certificate matching and resource retrieval without using the DNS.

> But this is really equivalent in just about every important way to sending 
> the normal <img src="https://example.com/img/f.jpg"> along with a pushed DNS 
> record that indicates that "example.com" resolves to "192.0.2.1" -- and this 
> latter thing is (to my understanding, at least) in scope of the conversation 
> that Patrick is proposing to have.

My question is why you would involve the DNS at all if all the
performance-based resolution decisions can be made without it. You're
just adding cost and complexity without benefit.

> Note: I'm not saying anything about the trust issues that arise in either 
> case, and I'm not trying to gloss over the need to perform a really careful 
> analysis;

Likewise. However, I think DNS protocol advice is probably more useful
as input to the analysis if it's clear that the DNS is necessarily
involved.


Joe

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
