On Wed, Apr 22, 2015 at 6:24 PM, Ted Hardie <[email protected]> wrote:
> On Wed, Apr 22, 2015 at 10:15 AM, Dan Wing <[email protected]> wrote:
>
>> During the DPRIVE meeting in Dallas, several questions came up about UDP
>> versus TCP. We had previously submitted a "DNS over DTLS" document which
>> predated DPRIVE. We re-submitted the document with a few edits and a
>> filename that makes it easier to find,
>> https://tools.ietf.org/html/draft-wing-dprive-dnsodtls, diffs at
>> https://tools.ietf.org/rfcdiff?url1=draft-wing-dnsop-dnsodtls-01&url2=draft-wing-dprive-dnsodtls-00
>>
>> The working group may want to consider the advantages of DNS over DTLS
>> over UDP compared to using TCP:
>>
>> * No reliance on operating system support of TCP Fast Open [RFC7413] to
>> achieve same number of round trips.
>> * Avoidance of TCP's network head of line blocking.
>>
>
> Just to confirm my understanding, with DTLS plus anycast, you'd have
> similar issues for restart as TCP (state being associated with a single
> endpoint, timeout required for flushing state). Is that your thinking as
> well?
>
> regards,
>
> Ted

I am not an expert on DTLS but that was the concern that made me avoid using it. I want a completely stateless resolver, not just UDP. That means using either a very fast ECC scheme for authentication or some sort of Kerberos ticket. There are TLS features that may be sufficient but I worry about the number of framing bytes.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
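The "head of line blocking" item in Dan Wing's list above is easy to state and easy to misjudge, so here is a small latency model of it. This is an added example written for this page, not code from the thread, from the DNS-over-DTLS draft, or from any of its authors. It assumes a fixed one-way delay, a fixed retransmission timeout, and that a lost packet is resent exactly once after that timeout; real TCP and DTLS stacks add RTO backoff, fast retransmit and SACK, which change the numbers but not the shape of the result. It models only the blocking point, not Ted's separate concern about DTLS session state and anycast restarts.

```python
"""Toy model of head-of-line blocking for pipelined DNS queries.

Compares one TCP connection (in-order byte stream) with independent
datagrams (plain UDP or DTLS records) under the same packet loss.
Constructed example; delays and timeouts below are assumptions.
"""
from typing import Dict, List, Set

ONE_WAY_MS = 50   # one-way network delay between stub and resolver (assumed)
RTO_MS = 1000     # retransmission timeout before a lost packet is resent (assumed)


def arrival_times(n: int, lost: Set[int]) -> List[int]:
    """Time at which each query packet (all sent at t=0, index 0..n-1)
    reaches the resolver.  A packet listed in `lost` is dropped on its first
    transmission and resent once the sender's retransmission timer fires."""
    return [ONE_WAY_MS + (RTO_MS if i in lost else 0) for i in range(n)]


def datagram_response_times(n: int, lost: Set[int]) -> List[int]:
    """UDP / DTLS: every query is its own datagram (DTLS records carry explicit
    sequence numbers and tolerate loss and reordering), so a loss delays only
    that query.  Response time = arrival at resolver + return delay."""
    return [t + ONE_WAY_MS for t in arrival_times(n, lost)]


def tcp_response_times(n: int, lost: Set[int]) -> List[int]:
    """TCP: the receiving kernel hands bytes to the DNS server strictly in
    order, so query i cannot be read until every earlier segment has arrived,
    even if segment i itself was delivered without loss."""
    out: List[int] = []
    latest = 0
    for t in arrival_times(n, lost):
        latest = max(latest, t)        # in-order delivery gate
        out.append(latest + ONE_WAY_MS)
    return out


def compare(n: int, lost: Set[int]) -> Dict[str, float]:
    """Mean response latency under both transports for one loss pattern."""
    udp = datagram_response_times(n, lost)
    tcp = tcp_response_times(n, lost)
    return {"datagram_mean_ms": sum(udp) / n, "tcp_mean_ms": sum(tcp) / n}


if __name__ == "__main__":
    # Constructed scenario: four pipelined queries, the second one is lost once.
    print(datagram_response_times(4, {1}))   # [100, 1100, 100, 100]
    print(tcp_response_times(4, {1}))        # [100, 1100, 1100, 1100]
    print(compare(4, {1}))                   # datagram 350.0 ms vs tcp 850.0 ms
```

Note that both transports pay the same price for the lost query itself; the difference is that TCP also charges every query queued behind it, which is exactly what a resolver serving many pipelined queries over one connection would feel.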
