Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

2019-07-14 Thread Rob Sayre
On Sun, Jul 14, 2019 at 6:59 PM Paul Vixie wrote: > the web community caught wind of it and threw a molotov cocktail into > our > movie theater -- DoH. > > changing DNS isn't quick or easy or cheap -- it's the trifecta of "fast, > good, > or cheap, choose two" and you have to say "i choose no

Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

2019-07-14 Thread Paul Vixie
On Monday, 15 July 2019 01:41:10 UTC Rob Sayre wrote: > Thank you for the elegant response. BCP 61 describes this issue well, too. > > https://tools.ietf.org/html/bcp61 > > DNS seems like it still operates in the clear, and that doesn't seem good. first we signed transactions with asymmetric key

Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

2019-07-14 Thread Rob Sayre
Thank you for the elegant response. BCP 61 describes this issue well, too. https://tools.ietf.org/html/bcp61 DNS seems like it still operates in the clear, and that doesn't seem good. thanks, Rob On Sun, Jul 14, 2019 at 6:34 PM Paul Vixie wrote: > On Sunday, 14 July 2019 23:09:00 UTC Rob Sa

Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

2019-07-14 Thread Paul Vixie
On Sunday, 14 July 2019 23:09:00 UTC Rob Sayre wrote: > Paul Vixie wrote: > > ... > > Was DNS intentionally designed to be insecure? no. nor ip itself, or ncp which preceded it, or tcp, or udp, or icmp, or smtp, or http. it was insecure because it evolved in a safe, germ free academic bubble. a

Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

2019-07-14 Thread Rob Sayre
Paul Vixie wrote: > dns content filtering can be triggered by response data also, and not just by > the dns request (which itself might not be the initial request.) in common use > by dns firewalls, for example those using DNS RPZ, policy might be triggered > by the iteration through an authoritati

Re: [DNSOP] a CDN perspective on ANAME challenges

2019-07-14 Thread Mark Andrews
> On 13 Jul 2019, at 3:52 am, Erik Nygren wrote: > > One of the intended goals of ANAME is to improve interoperability of > onboarding onto CDNs for URLs at a zone apex, such as > “http(s)://example.com”. > > The TL;DR is that ANAME is unlikely to allow interoperability here unless > auth