Yeah, I have to agree with Ekr and Rich here. However, if the issues are so
widespread as to make it a deal breaker, as some say, that will inhibit adoption.
After all, the IETF can't make people use ECH, and it's easy enough to
strip the ECH extension at the cost of interoperability. Obviously, the WG
thinks people will use it.

thanks,
Rob


On Fri, Oct 4, 2024 at 5:08 AM Eric Rescorla <e...@rtfm.com> wrote:

> I don't really think it's helpful to re-litigate the broader topic of the
> merits of ECH; nothing we say in security considerations will make a
> material difference there.
>
> With that said, I don't love the last sentence as we know users don't
> really choose their resolvers. How about simply stating the facts:
>
> "This specification does not effectively conceal the target domain name
> from an untrusted resolver."
>
>
> -Ekr
>
>
> On Thu, Oct 3, 2024 at 9:41 AM Salz, Rich <rsalz=
> 40akamai....@dmarc.ietf.org> wrote:
>
>> I do not think this conflict of views can be resolved. The draft is
>> intended to show how ECH should be used to preserve its security
>> guarantees, and there are groups in the DNS community who say this prevents
>> their normal course of operation, and providing the features that they
>> provide. I apologize in advance if anyone finds my wording clumsy or,
>> worse, offensive. I was trying to use neutral words throughout.
>>
>>
>>
>> I think we just acknowledge that in the security considerations and
>> declare the issue closed.
>> _______________________________________________
>> DNSOP mailing list -- dnsop@ietf.org
>> To unsubscribe send an email to dnsop-le...@ietf.org
>>
> _______________________________________________
> TLS mailing list -- t...@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
>