On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote:

> On 12/03/2019 21:11, Paul Vixie wrote:
> > ...
>
> There are reasons to want confidentiality for DNS queries
> and answers, and access patterns, for which the IETF has
> achieved consensus. (See RFC7626) (*)
i have no qualms about confidentiality, for traffic allowed by a network operator. it's the inability to interfere (as called for in RFC 8484) and not the inability to observe (as called for in RFC 7626) that's at issue here.

> DoT is one way to tackle those problems. DoH is another.

DoT does not intend to place itself beyond interference by on-path entities, and as such, my choice as a network operator is either to allow it through even though i can't see the contents, or disallow it. and that's all fine.

DoH intends "to prevent on-path interference with DNS operations", and that's well beyond the remit of RFC 7626, and is therefore not spoken to one way or another by IETF consensus.

i do not believe that a non-interference objective would reach broader IETF consensus. perhaps we can test that one day.

vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop