> > "Are you trying to re-invent DNSSEC for people who don't want to deploy > DNSSEC?"
My magic 8-ball says "signs point to Yes" On Tue, Jul 10, 2018 at 5:09 AM, Philip Homburg <[email protected]> wrote: > >For example www.example.com pushes you a AAAA record for img1.example.com > . > >Should you use it? What if it is for img1.img-example.com ? Do the > >relationship between these domains matter? What kind of relationship (i.e. > >it could be a domain relationship, or in the context of a browser it might > >be a first-party tab like relationship, etc..)? What are the implications > >of poison? Trackers? Privacy of requests never made? Speed? Competitive > >shenanigans or DoS attacks? > > > >This was out of scope for DoH. > > Assuming that in the context of DoH reply size is not an issue, is seems to > me that this use case is already solved by DNSSEC. Just push all required > signatures, key material and DS records that allow the receiving side to > validate the additional information. > > Are you trying to re-invent DNSSEC for people who don't want to deploy > DNSSEC? > > > _______________________________________________ > Doh mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/doh >
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
