Stephane Bortzmeyer: > On Tue, Feb 12, 2019 at 03:56:04PM +0800, > zuop...@cnnic.cn <zuop...@cnnic.cn> wrote > a message of 546 lines which said: > >> I am considering extending the DoH protocal to authoritative >> servers. > > Why DoH and not DoT? DoH is useful because 1) port 853 may be blocked > at the edge of the network 2) applications running in a Web browser > may need DNS data. But these two reasons do not apply to your use case > 1) the resolver is often closer to the core and there is less risk > that 853 is blocked 2) there is no Web browser on the resolver.
Hi Stephane, Both of those assumptions are false when the user has installed a recursive resolver on their home computer, as is the case when the user has installed DNSSEC-Trigger. They're also false when the user has installed Namecoin, since Namecoin domain names often delegate to DNS via NS+DS records. (Of course, it could be argued that Namecoin users need to deal with network censorship of Namecoin protocol traffic anyway, but I don't see any reason to make the situation unnecessarily worse by avoiding DoH.) Cheers, -- -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with OpenPGP. Please don't send me unencrypted messages. My business email jer...@veclabs.net is having technical issues at the moment.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
