Re: [dns-privacy] [Ext] Secdir early review of draft-ietf-dprive-unilateral-probing-07

2023-06-24 Thread Salz, Rich
I'm fine with all those decisions. On 6/23/23, 8:50 PM, "Paul Hoffman" <paul.hoff...@icann.org> wrote: Belated thanks for this review. I've accepted many of the nits without note, but some notes below. --Paul Hoffman On Jun 9, 2023, at 1:20 PM, Rich Salz via Datatracker

Re: [dns-privacy] Secdir early review of draft-ietf-dprive-unilateral-probing-07

2023-06-09 Thread Salz, Rich
He apologizes for his lack of Geography. (or he should) My excuse: I am a typical American, ignorant of the rest of the world :)

Re: [dns-privacy] [TLS] Martin Duke's No Objection on draft-ietf-dprive-xfr-over-tls-11: (with COMMENT)

2021-04-29 Thread Salz, Rich
separate the domains with ALPN. I don't believe that either the IP ACL or mTLS addresses this issue, and in fact arguably mTLS makes the problem worse because it provides authenticated protocol traces which might be usable for cross-protocol attacks. -Ekr On Thu, Apr 29, 2021 at 7:26 AM Salz, R

Re: [dns-privacy] [TLS] Martin Duke's No Objection on draft-ietf-dprive-xfr-over-tls-11: (with COMMENT)

2021-04-29 Thread Salz, Rich
> No new protocol should use TLS without ALPN. It only opens space for
> cross-protocol attacks. Did the working group consider this possibility in
> their discussions?

I don't believe that message has been made as public as it should be.