Tom Pusateri <pusat...@bangj.com> wrote: > Come to think of it, DNSSEC validation in the stub resolver or browser > is really a place DoH could shine. Instead of all the round trips > required for validating up (down) the chain,
With DNS to a recursive server (UDP, TCP, or TLS) as currently deployed, you only need 1 round trip in simple cases or 2 round trips if there's a CNAME or SRV (etc.) because you know ahead of time all the queries you need to make to get the validation chain and they can trivially be pipelined. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ individual and social justice _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
