>> why all that complexity? if some remote device (iot thingy) wants 'dns over >>> http' why would it not (as a first order answer) just ask >>> /cgi-bin/dnslookup for 'srv:foo.com' ? (returned answer in txt, json, >>> etc...)
>> Security in IoT is close to an oxymoron, but my device would like to check >> the signature before trusting what your proxy says. >> >ok, I'm sure your device has some agreement with the cooperating http(s) >server though, right? it can get the text / bas64 rrsig content just as >easily as if it were doing udp/dns. (it should probably also check ssl >certificates/etc to make sure traffic did not get wonked in flight) I don't understand what problem this solves. If you're going to provide all of the DNS results in a gooped up form, why not just provide them in a native form and let the client deal with it? R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
