[TLS] Re: [DNSOP] Re: Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Thread Ben Schwartz
Hi Arnaud, I believe your assessment that many network administrators think they need to block access to certain domains and/or disable the usage of ECH via network service configuration. I also believe that they are generally incorrect, since ECH does not conceal any information that a firewa
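To make concrete what the draft under review puts into the DNS, here is an added example (not code from the draft, the thread, or any of the posters): it parses an HTTPS/SVCB RDATA blob in RFC 9460 wire format, enforces the strictly-increasing-key and mandatory-key rules, extracts the "ech" SvcParam (key 5, an ECHConfigList per draft-ietf-tls-svcb-ech) and decodes the ECHConfig fields that remain in the clear, chiefly public_name, the value a client sends as the outer SNI. The sample record, the dummy key bytes and the name public.example are constructed for this page and are not from any real zone.

```python
"""Parse HTTPS/SVCB RDATA (RFC 9460), pull the "ech" SvcParam (key 5,
draft-ietf-tls-svcb-ech) and decode the cleartext ECHConfig fields.

Added example for this page; the sample record is constructed and the
public key inside it is dummy zero bytes, not a real server's config.
"""
import struct

# SvcParamKeys from RFC 9460; key 5 "ech" is assigned by draft-ietf-tls-svcb-ech.
SVCPARAM_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn",
                 3: "port", 4: "ipv4hint", 5: "ech", 6: "ipv6hint"}
ECH_VERSION_DRAFT13 = 0xFE0D  # ECHConfig.version in draft-ietf-tls-esni


def parse_name(data, off):
    """Decode an uncompressed wire-format DNS name starting at data[off:]."""
    labels = []
    while True:
        n = data[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers are not allowed in SVCB TargetName
            raise ValueError("invalid label length or compression pointer")
        labels.append(data[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def parse_svcb_rdata(rdata):
    """Return (SvcPriority, TargetName, {key: raw value}); raise on malformed input."""
    priority = struct.unpack("!H", rdata[:2])[0]
    target, off = parse_name(rdata, 2)
    params, last_key = {}, -1
    while off < len(rdata):
        key, length = struct.unpack("!HH", rdata[off:off + 4])
        off += 4
        if key <= last_key:
            # RFC 9460: keys MUST be strictly increasing; otherwise the RR is malformed.
            raise ValueError("SvcParamKeys not strictly increasing")
        value = rdata[off:off + length]
        if len(value) != length:
            raise ValueError("SvcParam value truncated")
        params[key] = value
        off += length
        last_key = key
    if 0 in params:  # every key listed as "mandatory" must itself be present
        mandatory = struct.unpack("!%dH" % (len(params[0]) // 2), params[0])
        missing = [k for k in mandatory if k not in params]
        if missing:
            raise ValueError("mandatory keys absent: %r" % missing)
    return priority, target, params


def is_well_formed(rdata):
    """True if the RDATA parses under the RFC 9460 rules above."""
    try:
        parse_svcb_rdata(rdata)
        return True
    except (ValueError, IndexError, struct.error):
        return False


def parse_ech_config_list(blob):
    """Decode an ECHConfigList into the fields an on-path observer can read."""
    if struct.unpack("!H", blob[:2])[0] != len(blob) - 2:
        raise ValueError("ECHConfigList length mismatch")
    off, configs = 2, []
    while off < len(blob):
        version, length = struct.unpack("!HH", blob[off:off + 4])
        body = blob[off + 4:off + 4 + length]
        off += 4 + length
        if version != ECH_VERSION_DRAFT13:
            configs.append({"version": version, "unsupported": True})
            continue
        config_id, kem_id, pk_len = body[0], *struct.unpack("!HH", body[1:5])
        p = 5 + pk_len                      # skip HpkePublicKey
        cs_len = struct.unpack("!H", body[p:p + 2])[0]
        suites = [struct.unpack("!HH", body[i:i + 4])
                  for i in range(p + 2, p + 2 + cs_len, 4)]
        p += 2 + cs_len
        max_name_len, pn_len = body[p], body[p + 1]
        public_name = body[p + 2:p + 2 + pn_len].decode("ascii")
        configs.append({"version": version, "config_id": config_id, "kem_id": kem_id,
                        "public_key_len": pk_len, "cipher_suites": suites,
                        "maximum_name_length": max_name_len, "public_name": public_name})
    return configs


def build_sample_record():
    """Constructed HTTPS RDATA: priority 1, target '.', alpn=h2, ech=<dummy config>."""
    pk = bytes(32)  # dummy X25519 public key, NOT usable for real ECH
    contents = (bytes([7]) + struct.pack("!H", 0x0020)          # config_id, DHKEM(X25519)
                + struct.pack("!H", len(pk)) + pk
                + struct.pack("!H", 4) + struct.pack("!HH", 0x0001, 0x0001)  # HKDF-SHA256, AES-128-GCM
                + bytes([64])                                   # maximum_name_length
                + bytes([14]) + b"public.example"               # public_name (outer SNI)
                + struct.pack("!H", 0))                         # no extensions
    ech_config = struct.pack("!HH", ECH_VERSION_DRAFT13, len(contents)) + contents
    ech_list = struct.pack("!H", len(ech_config)) + ech_config
    alpn = bytes([2]) + b"h2"
    return (struct.pack("!H", 1) + b"\x00"
            + struct.pack("!HH", 1, len(alpn)) + alpn
            + struct.pack("!HH", 5, len(ech_list)) + ech_list)


if __name__ == "__main__":
    prio, target, params = parse_svcb_rdata(build_sample_record())
    print(prio, target, {SVCPARAM_KEYS.get(k, k): len(v) for k, v in params.items()})
    print(parse_ech_config_list(params[5]))
```

Running it prints the priority, target and per-key lengths, then the decoded config: everything except the HPKE public key bytes is recoverable from the record itself, and public_name is also what appears in the outer ClientHello.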

[TLS] Transport Layer Security (tls) WG Virtual Meeting: 2024-10-16

2024-10-02 Thread IESG Secretary
The Transport Layer Security (tls) WG will hold a virtual interim meeting on 2024-10-16 from 14:00 to 16:00 America/New_York (18:00 to 20:00 UTC). Agenda: FATT Process Information about remote participation: https://meetings.conf.meetecho.com/interim/?group=7627d881-2175-4086-899f-657548e64b52

[TLS] Re: [DNSOP] Re: Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Thread Arnaud Taddei
I am taking this thread on the fly and I do have a number of concerns with what I read and I align with Paul Vixie here. First I disagree with Ben on “I don’t see any reason why an enterprise, etc.” … I DO see reasons here confirmed in a campaign of discussions about ECH with no less than 70 or

[TLS] Re: [DNSOP] Re: Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Thread Paul Vixie
Signed isn't the same as authentic. Authentic means as the zone owner publishes. We must not lodge in this document a requirement that a DNS server not be protective. Protective means not all answers flow equally. p vixie On Oct 2, 2024 08:56, Paul Wouters wrote: [drifting off topic]

[TLS] Re: [DNSOP] Re: Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Thread Paul Wouters
[drifting off topic] > On Oct 2, 2024, at 00:10, Paul Vixie > wrote: > >  > > > i would not. much of the world now relies upon inauthentic dns responses for > defense against bad actors. that's a limitation of RPZ. Years ago I proposed to move the Answer to the Authority section so you c