On Tue 2017-11-14 12:04:19 +0100, Sara Dickinson wrote: > This draft is now ready to progress once a -12 version is available. I > just want to circle back round to summarise the fact that the only > proposed difference that will be in the -12 version compared to -11 is > the following (in section 7.2. Direct configuration of ADN only): > > Current text: > > “It can then use Opportunistic DNS connections to an untrusted recursive > DNS resolver to establish the IP address of the intended privacy- > enabling DNS resolver by doing a lookup of A/AAAA records. Such > records SHOULD be DNSSEC validated when using a Strict Usage profile > and MUST be validated when using Opportunistic Privacy." > > New text: > “It can then use Opportunistic DNS connections to an untrusted recursive > DNS resolver to establish the IP address of the intended privacy- > enabling DNS resolver by doing a lookup of A/AAAA records. A > DNSSEC validating client SHOULD apply the same validation policy > to the A/AAAA meta-query lookups as it does to other queries. > A client that does not validate DNSSEC SHOULD apply the same policy (if any) > to the A/AAAA meta-query lookups as it does to other queries." > > I hope I captured the consensus correctly? Please let me know as I > intend to put out the -12 (final) version next Monday (20th).
The text looks good to me. thanks for taking care of this, Sara. --dkg _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy