Paul Vixie:> if all you have is an ip address (say, from dhcp or resolv.conf), how > would you decide whether the https endpoint you found at that > address, was using an x.509 key you had any reason to trust? https > wants names.
https works also without names it is just less common. Example: https://1.1.1.1/ but event that is not needed in this specific case since Kenji mentioned that they plan to initially ship a hardcoded list that maps resolver IPs to DoH URIs. From the thread on the dns-privacy list: > Until there is a better discovery story, we could have a list of > known-to-be-DoH-compatible DNS providers that we could check against and > map accordingly. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
