Hi Eric Arnaud Taddei Global Security Strategist | Enterprise Security Group
mobile: +41 79 506 1129 Geneva, Switzerland arnaud.tad...@broadcom.com <mailto:arnaud.tad...@broadcom.com> | broadcom.com > On 4 Oct 2024, at 14:07, Eric Rescorla <e...@rtfm.com> wrote: > > I don't really think it's helpful to re-litigate the broader topic of the > merits of ECH; nothing we say in security considerations will make a material > difference there. Fundamentally same line for me > With that said, I don't love the last sentence as we know users don't really > choose their resolvers. How about simply stating the facts: > > "This specification does not effectively conceal the target domain name from > an untrusted resolver." Sounds pragmatic > > > -Ekr > > > On Thu, Oct 3, 2024 at 9:41 AM Salz, Rich <rsalz=40akamai....@dmarc.ietf.org > <mailto:40akamai....@dmarc.ietf.org>> wrote: >> I do not think this conflict of views can be resolved. The draft is intended >> to show how it ECH should be used to preserve it’s security guarantees, and >> there are groups in the DNS community who say this prevents their normal >> course of operation, and providing the features that they provide. I >> apologize in advance if anyone finds my wording clumsy or, worse, offensive. >> I was trying to use neutral words throughout. >> >> >> >> I think we just acknowledge that in the security considerations and declare >> the issue closed. >> >> _______________________________________________ >> DNSOP mailing list -- dnsop@ietf.org <mailto:dnsop@ietf.org> >> To unsubscribe send an email to dnsop-le...@ietf.org >> <mailto:dnsop-le...@ietf.org> -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
