Hiya,
On 10/4/24 19:30, Paul Wouters wrote:
> Which makes me wonder if it makes sense to advise long TTLs on these records so that they move along on your phone/laptop even if you enter these kinds of networks.

There's a tension between that and getting better forward-secrecy by rotating ECH keys regularly. I don't think we're yet at a point where we'd have something that useful to recommend in terms of resolving that tension. (And that's ignoring the tension between wanting, and disliking, ECH;-)

Maybe one to consider in a year or two when there's more operational experience.

Cheers,
S.
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org