Re: [dns-privacy] how can we ADoT?

2020-11-11 Thread Tony Finch
Hollenbeck, Scott wrote: > > It's not an EPP limitation. We can always define an EPP extension to add > information to the parent zone. The issue is if the zone administrator > can/will publish that information in the zone and if EPP clients are able and > willing to provide it. True! I am using

[dns-privacy] how can we ADoT?

2020-11-11 Thread Tony Finch
I haven't seen anything written down that explains why it is difficult to do DoT to authoritative servers. There was a good discussion earlier this year about draft-vandijk-dprive-ds-dot-signal-and-pin which covered some of the issues. I have done a braindump that attempts to cover all the angles

Re: [dns-privacy] how can we ADoT?

2020-11-11 Thread Hollenbeck, Scott
> -Original Message- > From: dns-privacy On Behalf Of Tony Finch > Sent: Wednesday, November 11, 2020 2:07 PM > To: dns-privacy@ietf.org > Subject: [EXTERNAL] [dns-privacy] how can we ADoT? > > Caution: This email originated from outside the organization. Do not click > links > or open

Re: [dns-privacy] how can we ADoT?

2020-11-11 Thread Eric Rescorla
On Wed, Nov 11, 2020 at 11:07 AM Tony Finch wrote: > 2. Signal in an EDNS [@?RFC6891] or DSO [@?RFC8490] option: the > resolver starts by connecting in the clear, and upgrades to an > encrypted connection if the authoritative server supports it. > > This is vulnerable to downgrade

Re: [dns-privacy] how can we ADoT?

2020-11-11 Thread Brian Dickson
On Wed, Nov 11, 2020 at 11:07 AM Tony Finch wrote: > I haven't seen anything written down that explains why it is difficult to > do DoT to authoritative servers. There was a good discussion earlier this > year about draft-vandijk-dprive-ds-dot-signal-and-pin which covered some > of the issues. I

Re: [dns-privacy] Logistics for IETF 109

2020-11-11 Thread Brian Haberman
The chairs have posted the initial agenda for IETF 109... https://datatracker.ietf.org/meeting/109/materials/agenda-109-dprive-00 Regards, Brian On 10/26/20 7:55 AM, Brian Haberman wrote: > Hi all, > As you may have seen, we have a 2-hour session allocated to us for > IETF 109. The chairs

Re: [dns-privacy] how can we ADoT? (with github url)

2020-11-11 Thread Tony Finch
Manu Bretelle wrote: > > Totally fair, pretty sure there were no speaker notes ;) . The > presentation is available at https://youtu.be/MIapQ6UXrdg?t=5387 . > Originally, there was this draft > https://tools.ietf.org/html/draft-bretelle-dprive-dot-for-insecure-delegations-01 > and the solutions

Re: [dns-privacy] how can we ADoT?

2020-11-11 Thread Tony Finch
Eric Rescorla wrote: > On Wed, Nov 11, 2020 at 11:07 AM Tony Finch wrote: > > > 2. Signal in an EDNS [@?RFC6891] or DSO [@?RFC8490] option: the > > resolver starts by connecting in the clear, and upgrades to an > > encrypted connection if the authoritative server supports it. > > > >

Re: [dns-privacy] how can we ADoT?

2020-11-11 Thread Manu Bretelle
Thanks Tony for the exhaustive list of approaches with their pros and cons, helping in deciding where the tradeoff may be made. Having this as an ID or possibly a github repo may make it easier to refer to/iterate than just this email. I had attempted to quickly categorize some of those

Re: [dns-privacy] how can we ADoT?

2020-11-11 Thread Stephen Farrell
On 11/11/2020 20:32, Manu Bretelle wrote: Thanks Tony for the exhaustive list of approaches with their pros and cons, +many - very useful, Thanks, S.

Re: [dns-privacy] how can we ADoT? (with github url)

2020-11-11 Thread Manu Bretelle
On Wed, Nov 11, 2020 at 1:20 PM Tony Finch wrote: > Manu Bretelle wrote: > > > Having this as an ID or possibly a github repo may make it easier to > refer > > to/iterate than just this email. > > Yes! https://github.com/fanf2/draft-dprive-adot Thanks! > > > > I had attempted to quickly