Tom Pusateri wrote:
Come to think of it, DNSSEC validation in the stub resolver or browser is really a place DoH could shine. Instead of all the round trips required for validating up (down) the chain, the webserver could package up all those validated records and push them so the client/stub could do the validation quickly for all of the links in a page in an order that the user is most likely to need based on previous statistics and scrolling position.
that's what the DOT people said, and what mr. wouters said before he offered the first internet draft on certificate chain responses. so, yes, but DOH is somewhat late to that party, and shows some ignorance.
-- P Vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
