Tom Pusateri <[email protected]> wrote: > Come to think of it, DNSSEC validation in the stub resolver or browser > is really a place DoH could shine. Instead of all the round trips > required for validating up (down) the chain,
With DNS to a recursive server (UDP, TCP, or TLS) as currently deployed, you only need 1 round trip in simple cases or 2 round trips if there's a CNAME or SRV (etc.) because you know ahead of time all the queries you need to make to get the validation chain and they can trivially be pipelined. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ individual and social justice _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
