One issue that is likely to arise regardless of the specific technique used for
signaling availability of ADoT is the cost differential between popular and
less popular name servers (referring to number of zones and/or aggregate zone
popularity).
It is clear that the costs to revolvers will be
On Sun, Nov 15, 2020 at 6:08 AM Peter van Dijk
wrote:
> On Sat, 2020-10-31 at 13:52 -0700, Brian Dickson wrote:
> > The most unambiguous signal possible, is the presence of a TLSA record
> on _853._tcp..
>
> That's quite a far reaching statement, and I believe it likely to be
> wrong.
>
>
I
On Wed, 2020-11-11 at 19:07 +, Tony Finch wrote:
>
> * Encryption would apply to the server as a whole, whereas the
> working group consensus is that it should be possible for
> different zones on the same server to use encrypted and
> unencrypted transports.
(plus, in another
On Sun, 2020-11-15 at 16:52 +, Paul Hoffman wrote:
> Thanks for the response! I hope that there is more list discussion before the
> WG meeting this week.
>
> On Nov 15, 2020, at 5:52 AM, Peter van Dijk
> wrote:
> > The cost of port checking is not low.
>
> We disagree in the general
On Nov 15, 2020, at 6:08 AM, Peter van Dijk wrote:
>
> On Sat, 2020-10-31 at 13:52 -0700, Brian Dickson wrote:
>> The most unambiguous signal possible, is the presence of a TLSA record on
>> _853._tcp..
>
> That's quite a far reaching statement, and I believe it likely to be
> wrong.
+1. The
Thanks for the response! I hope that there is more list discussion before the
WG meeting this week.
On Nov 15, 2020, at 5:52 AM, Peter van Dijk wrote:
>
> On Wed, 2020-11-04 at 15:04 +, Paul Hoffman wrote:
>> It would be useful if a resolver could tell in advance, and at a cost less
>>
On Sat, 2020-10-31 at 13:52 -0700, Brian Dickson wrote:
> The most unambiguous signal possible, is the presence of a TLSA record on
> _853._tcp..
That's quite a far reaching statement, and I believe it likely to be
wrong.
> Using NS names in a separate zone or zones (for each DNS operator) is
On Wed, 2020-11-04 at 15:04 +, Paul Hoffman wrote:
> It would be useful if a resolver could tell in advance, and at a cost less
> than port-checking. There could be a new protocols developed to do that. I
> don't see this as a requirement, though, given the low cost of port-checking.
The
On Wed, 2020-08-12 at 12:51 +0200, Peter van Dijk wrote:
> Delegation NS records are not signed, so do we stick -those- (or a hash
> of the NSset perhaps?) into DS?
https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-delegation-information-signer/?include_text=1
Kind regards,
--
Peter van
