On Fri, Mar 29, 2024 at 1:02 PM Ted Lemon via Datatracker <nore...@ietf.org> wrote:
>
> I don't think it's reasonable to specify the privacy properties of SVCB and
> /not/ talk about DNSSEC validation.
>

Could you explain more about this part? I think DNSSEC doesn't add much here, unless you want to accept non-ECH traffic. For example, many of the test servers will bounce you to some other site if you don't send ECH or screw it up in some way (speaking as someone who has screwed it up many times...).

I think there might be a DoS attack here, where someone messes with the response, but they can also turn off the DNSSEC bit unless it's DoT/DoH/DoQ etc. So, if using those, it's just the trustworthiness of the DNS server itself, right?

Sorry if I'm missing something.

thanks,
Rob
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls