On 2012-10-02 8:16 PM, Paul Wouters wrote:
> ...
>
> AFAIK, Wouter did not submit it as a draft, and (see previous email)
> I would prefer to develop something that can do HTTP or HTTPS for
> dnssec-chains. If we are making anything that does 1 query per TCP
> connect, or worse, 1 query per TLS connection, it will just not work.

in <http://www.ietf.org/mail-archive/web/dnsext/current/msg11700.html> i was thinking that we'd add "send chain" as an edns option, and then add generic edns tunneling over tcp/80 and tcp/443 using distinctive URI patterns to make sure to plug into the dns responder in the remote web server.

there's no reason to add 'send chain' just to the tunnel. and once the tunnel is open it should be able to remain open until a quiet period, so maybe a two second client-initiated timeout.

--
"It seems like the rules for automagic completion of incomplete names
typed into browsers are going to start to look like those for the game
of fizbin." --rick jones

_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
