Paul,

On 20/06/2024 03.31, Paul Wouters wrote:
> On Wed, 19 Jun 2024, Tim Wicinski wrote:
>> On Wed, Jun 19, 2024 at 2:49 PM Paul Vixie <paul=40redbarn....@dmarc.ietf.org> wrote:
>>> This document makes the argument that because of how things work at the
>>> moment, we should limit our aspirations. I completely disagree.
>>
>> I agree with Paul. We deserve nice things - we may not be there today, but we should strive to get there.
>>
>> tim
>> (with no hats)
>
> Also with no hats, I agree with Tim and PaulV. Additionally, I find the handwaving of "use QUIC" very dangerous. QUIC means TLS which means you need a working DNS, so you can't always do DNS over QUIC until you have a working DNS connection.
As a DNS weenie I find the relationship between TLS and DNS to be unclear and confusing.
I guess you are talking about the names embedded in the X.509 certificates when you say that TLS means you need a working DNS? Is this something that is strictly true, or only practically? And in either case, how?
Certainly there are circular referencing issues here, which I think we're going to run into full-force in the DELEG work, as one goal of DELEG is to allow domains to bootstrap recursive-to-authoritative queries over TLS.
I'm happy to do homework here, if you or anyone else has good references to a document or something else describing how DNS and TLS interact.
Cheers,

--
Shane
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org