why all that complexity? if some remote device (iot thingy) wants 'dns over
http' why would it not (as a first order answer) just ask
/cgi-bin/dnslookup for 'srv:foo.com' ? (returned answer in txt, json,
etc...)
why bother with a bunch of javascript tomfoolery?
Security in IoT is close to an oxymoron, but my device would like to check
the signature before trusting what your proxy says.
Also, as I mentioned in another message, unless you plan to carefully
maintain your proxy to handle and translate every rrtype, we're going to
want to use rr's that it doesn't handle. I suppose it might return a json
blob of TYPE1234, but you might as well just send the binary stuff at that
point.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
