Paul,

On 20/06/2024 03.31, Paul Wouters wrote:
On Wed, 19 Jun 2024, Tim Wicinski wrote:

On Wed, Jun 19, 2024 at 2:49 PM Paul Vixie <paul=40redbarn....@dmarc.ietf.org> wrote:

      This document makes the argument that because of how things work at the
      moment, we should limit our aspirations.

      I completely disagree.

I agree with Paul.  We deserve nice things - we may not be there today, but we should strive to get there.

tim

(with no hats)

Also with no hats, I agree with Tim and PaulV. Additionally, I find the
handwaving of "use QUIC" very dangerous. QUIC means TLS which means you
need a working DNS, so you can't always do DNS over QUIC until you have
a working DNS connection.

As a DNS weenie I find the relationship between TLS and DNS to be unclear and confusing.

I guess you are talking about the names embedded in the X.509 certificates when you say that TLS means you need a working DNS? Is this something that is strictly true, or only practically? And in either case, how?

Certainly there are circular referencing issues here, which I think we're going to run into full-force in the DELEG work, as one goal of DELEG is to allow domains to bootstrap recursive-to-authoritative queries over TLS.

I'm happy to do homework here, if you or anyone else has good references to a document or something else describing how DNS and TLS interact.

Cheers,

--
Shane

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org