On 08/24/2018 04:25 PM, Paul Hoffman wrote:
> Forwarding resolvers do not need special casing, I believe. If the forwarding
> resolver understands the protocol, it will reply. If it doesn't understand
> the protocol, it will forward and give back whatever the upstream resolver
> tells it.

Oh, I assumed (perhaps wrongly) that if the OS resolver forwards to some other resolver that can do DoH, you want the browser to use *that* DoH instead of the OS resolver, at least in the usual case when there's not a good channel to the OS resolver itself. If the OS resolver validates, I don't see much difference between being a "stub" or forwarding.

Anyway, all the notes I've written are about an edge case that seems a small fraction in practice - dumb stub without validation and without secure transport is still the default almost everywhere, I'm afraid.

I believe I understood what you mean by the "motivation" - confirmed by you restating it. I still can't really understand why that group of cases is considered useful, but presumably browser/DoH people know better what most of their users want.

--Vladimir