On Tue, Jul 3, 2018 at 8:40 AM, Paul Wouters <p...@nohats.ca> wrote:

> On Mon, 2 Jul 2018, Eric Rescorla wrote:
>
>>       It is strongly recommended not to use TXT records. Why not use a new
>>       RRTYPE? Everything these days knows how to serve unknown record types
>>       (see RFC 3597). The only possible exception is provisioning tools of
>>       small players, but this document starts off saying you basically need
>>       to be on a bulk hosting provider anyway. They can properly provision.
>>
>> See:
>> https://github.com/ekr/draft-rescorla-tls-esni/issues/7#issuecomment-388531906
>>
>
> [Can we keep the discussion within the IETF and the Note Well please. We
>  also don't know what happens in 10 years with these links.]
>

If you look carefully, you'll see that this discussion happened weeks ago.
I was just pointing you at it because you asked why we did it the way we did.

With that said, IETF policy does not prohibit having discussions on GitHub.
We do it regularly in TLS and it's the standard policy in QUIC.



> quoting from that link:
>
>         These facts lead to the conclusion that if we choose RRtype as the
>         method, there would often be cases where the DNS record of the
>         ESNIKey and the TLS server would be required to be operated by
>         different entities.
>
> That seems to have confused two things with each other. I did not say
> anything about the location of the DNS record, only of the RRTYPE.
> Clearly, with the same location, it would be under control of the same
> entity, so I don't understand why you bring this up as a reason against
> using a dedicated RRTYPE.
>

I'm just quoting Kazuho here, so I'll let him respond to himself.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
