> -----Original Message-----
> From: Int-area [mailto:int-area-boun...@ietf.org] On Behalf Of Matthäus
> Wander
> Sent: Sunday, July 06, 2014 5:56 PM
> To: Paul Vixie
> Cc: dnsop@ietf.org; int-a...@ietf.org
> Subject: Re: [Int-area] [DNSOP] various approaches to dns channel secrecy
>
> * Paul Vixie [7/5/2014 7:47 PM]:
> > Matthäus Wander wrote:
> >> DTLS works on top of UDP (among others) and thus can pass CPE devices.
> >
> > no, it cannot. DTLS does not look like something that the CPE was
> > programmed to accept; thus in many cases it is silently dropped.
> >
>
> DTLS can be used on top of UDP. CPE devices allow outgoing UDP sessions to
> arbitrary ports. If they didn't, many online games and VoIP applications would
> not work.
>
> Here's an example DTLS session passing my DSL router at home:
>
> https://www.cloudshark.org/captures/7d2ae4cfe155
>
> Source code found here:
>
> http://marc.info/?l=openssl-users&m=113009464321966&w=3

WebRTC enabled browsers already use DTLS to secure media.

-Tiru

>
> Regards,
> Matt
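
An added illustration, not part of any message in this thread: the disagreement above is about what a device on the UDP path sees when a datagram carries DTLS instead of plain DNS. The Python sketch below reads the first bytes of a UDP payload the way a hypothetical inspecting device or monitor could, telling a 13-byte DTLS record header apart from a 12-byte DNS query header. The function names and both sample datagrams are constructed for this example.

```python
import struct

# Record-layer version values used on the wire by DTLS 1.0 and DTLS 1.2.
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_dtls_record(payload):
    """Return the first DTLS record header as a dict, or None if it is not one."""
    if len(payload) < 13:                      # fixed DTLS record header size
        return None
    ctype, ver, epoch, seq_hi, seq_lo, length = struct.unpack("!BHHHIH", payload[:13])
    if ctype not in CONTENT_TYPES or ver not in DTLS_VERSIONS:
        return None
    if length > len(payload) - 13:             # record must fit in the datagram
        return None
    return {"type": CONTENT_TYPES[ctype], "version": DTLS_VERSIONS[ver],
            "epoch": epoch, "seq": (seq_hi << 32) | seq_lo, "length": length}

def looks_like_dns_query(payload):
    """Heuristic: 12-byte DNS header with QR=0, standard opcode, one question."""
    if len(payload) < 17:                      # header plus shortest possible question
        return False
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    return (flags & 0xF800) == 0 and qd == 1 and an == 0

def classify(payload):
    """Label a UDP payload as 'dtls', 'dns-query' or 'unknown'."""
    if parse_dtls_record(payload):
        return "dtls"
    if looks_like_dns_query(payload):
        return "dns-query"
    return "unknown"

# Constructed sample datagrams (not taken from the capture linked in the thread).
DNS_QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1))
_body = bytes(32)  # placeholder handshake bytes; only the header is examined
DTLS_HELLO = struct.pack("!BHHHIH", 22, 0xFEFF, 0, 0, 0, len(_body)) + _body

if __name__ == "__main__":
    for name, data in (("dns", DNS_QUERY), ("dtls", DTLS_HELLO)):
        print(name, classify(data), parse_dtls_record(data))
```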