On 2012-10-02 8:24 PM, Stephane Bortzmeyer wrote:
> AFAIK, no, but it is very simple and built over the existing DNS: it
> is the same format as DNS-over-TCP, just over TLS+TCP.

i don't think so. too many middleboxes unpack the tcp/443 stream using a wildcard certificate, and they "know" the format of the underlying stream. it has to look like HTTP. that means POST or GET.

i prefer POST, for the reasons previously stated (http://www.ietf.org/mail-archive/web/dnsext/current/msg11700.html).

TLS-PSK looks too much like censorship avoidance, which this is not, but it would suffer the same fate. TLS where you negotiate one certificate but use another, likewise.

paul

-- 
"It seems like the rules for automagic completion of incomplete names typed into browsers are going to start to look like those for the game of fizbin." --rick jones
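The two framings under discussion, as an added illustration that is not part of the thread: the same DNS query carried in DNS-over-TCP framing (what "DNS-over-TCP, just over TLS+TCP" puts inside the TLS stream) versus wrapped in an HTTP POST that a port-443 middlebox would recognise as HTTP. The `/dns-query` path and `application/dns-message` media type are assumptions here (they were standardised later, in RFC 8484, not in this thread).

```python
import struct


def build_dns_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a minimal RFC 1035 query: 12-byte header plus one question."""
    # flags 0x0100 = RD set; QDCOUNT=1, AN/NS/AR counts 0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack(">HH", qtype, 1)  # QCLASS=IN
    return header + question


def frame_dns_over_tcp(msg: bytes) -> bytes:
    """DNS-over-TCP framing (RFC 1035 4.2.2): two-byte length prefix, then the
    message. DNS-over-TLS carries exactly this inside the TLS stream."""
    return struct.pack(">H", len(msg)) + msg


def unframe_dns_over_tcp(stream: bytes) -> bytes:
    """Inverse of frame_dns_over_tcp for a single message."""
    (length,) = struct.unpack(">H", stream[:2])
    return stream[2:2 + length]


def frame_dns_over_http_post(msg: bytes, host: str, path: str = "/dns-query") -> bytes:
    """Wrap the same wire message as an HTTP/1.1 POST body. Path and media type
    are illustrative assumptions, not something this thread specifies."""
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Type: application/dns-message\r\n"
        f"Content-Length: {len(msg)}\r\n\r\n"
    )
    return head.encode("ascii") + msg


def looks_like_http(stream: bytes) -> bool:
    """The crude check a proxy that 'knows' port 443 carries HTTP might apply
    after unwrapping TLS: does the stream start with an HTTP method token?"""
    return stream.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT")


if __name__ == "__main__":
    q = build_dns_query("example.com")  # constructed sample query
    print("DoT-style framing passes HTTP check:", looks_like_http(frame_dns_over_tcp(q)))
    print("POST framing passes HTTP check:    ", looks_like_http(frame_dns_over_http_post(q, "resolver.example")))
```

Run stand-alone, it shows the length-prefixed stream failing the HTTP check while the POST-wrapped copy of the identical message passes it, which is the interoperability point made above.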
