Wes Hardaker wrote on 2019-03-22 21:03:
Kenji Baheux <[email protected]> writes:
* We are considering a first milestone where Chrome would do an automatic
upgrade to DoH when a user’s existing resolver is capable of it.
Sorry for the delayed question, but with respect to this bullet:
1) ...
2) ...
while i feel and echo wes's two questions, mine is different.
if all you have is an ip address (say, from dhcp or resolv.conf), how
would you decide whether the https endpoint you found at that address,
was using an x.509 key you had any reason to trust? https wants names.
i've run into this before. http://dot.tt.ed.quad/ is an easy grab, but i
don't know how to negotiate for https://dot.tt.ed.quad/. if this is a
solved problem, then i apologize to all present, for not doing my
homework before opening up in public.
--
P Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
