Hi Paul,
Please see inline
On Wed, 17 Jul 2019 at 21:47, Paul Hoffman wrote:
> On Jul 17, 2019, at 7:36 AM, tirumal reddy wrote:
> >> One example is that the stub or browser may want to change DoH servers,
> such as if it has discovered one that has a better security policy.
> >>
> > Attackers
On Jul 17, 2019, at 7:36 AM, tirumal reddy wrote:
>> One example is that the stub or browser may want to change DoH servers, such
>> as if it has discovered one that has a better security policy.
>>
> Attackers can also host DoH servers and claim they have better security
> policy, How will the
Hi Paul,
Please see inline
On Thu, 11 Jul 2019 at 05:55, Paul Hoffman wrote:
> On Jul 9, 2019, at 3:46 AM, tirumal reddy wrote:
> > My comments below:
> >
> > 1) Unless a DNS request for .{in-addr,ip6}.arpa/IN/RESINFO,
> >or a subdomain, as described in Section 2 is sent over DNS-over-TLS
On Fri, 12 Jul 2019, Paul Wouters wrote:
>
> I find the term "security policy", a bit unnerving here. A DNS server
> is either secure (and tells the truth), or it is not secure (and tells
> lies). There is no "better". Some people say lying is more "secure for the
> user", but that can really on
On Thu, 11 Jul 2019, Paul Hoffman wrote:
Comment> If the stub resolver is already using DoH with the recursive resolver,
why does it have to determine the URI template of the DoH server?
One example is that the stub or browser may want to change DoH servers, such as
if it has discovered one
On Jul 9, 2019, at 3:46 AM, tirumal reddy wrote:
> My comments below:
>
> 1) Unless a DNS request for .{in-addr,ip6}.arpa/IN/RESINFO,
>or a subdomain, as described in Section 2 is sent over DNS-over-TLS
>(DoT) [RFC7858] or DNS-over-HTTPS (DoH) [RFC8484], or unless the
>.{in-addr,ip6}.
On Thu, 4 Jul 2019, Paul Hoffman wrote:
Can you say more about what you mean? Is it a prediction, or a
measurement, or a mixture, or something else?
A prediction based on current measurements. Seriously, I'd love to be shown to
be wrong in the future.
We needed this for the freeswan project
On Jul 3, 2019, at 7:13 PM, Joe Abley wrote:
> On Jul 3, 2019, at 20:40, Paul Hoffman wrote:
>
>> If we want DNSSEC signing, we have to use the DNS reverse tree for the
>> names, even though only a tiny percent of that tree will be signed.
>
> Aside from those parts of the in-addr.arpa and ip6
Moin!
On 4 Jul 2019, at 2:40, Paul Hoffman wrote:
I don't see the parallel with RFC 8484. We cannot force resolver
vendors to care enough about announcing information about themselves
to use either protocol. And we certainly cannot tell applications how
to search for information. We can, howev
Hi Paul,
On Jul 3, 2019, at 20:40, Paul Hoffman wrote:
> If we want DNSSEC signing, we have to use the DNS reverse tree for the names,
> even though only a tiny percent of that tree will be signed.
Aside from those parts of the in-addr.arpa and ip6.arpa domains that
correspond to special-use a
On Jul 1, 2019, at 4:11 PM, 神明達哉 wrote:
>
> At Sat, 29 Jun 2019 22:55:07 +,
> Paul Hoffman wrote:
>
> > > - I think the RESINFO RDATA specification (at least its wire format,
> > > and preferably also the presentation format) should be more clearly
> > > specified. At least to me it wa
On Jun 30, 2019, at 1:08 AM, Ralf Weber wrote:
> On 30 Jun 2019, at 1:01, Paul Hoffman wrote:
>>> - The draft offers two methods of retrieving the object but says nothing
>>> about which is mandatory (Me being a lazy DNS geek will certainly not put a
>>> web server on my DNS server so won’t impl
At Sat, 29 Jun 2019 22:55:07 +,
Paul Hoffman wrote:
> > - I think the RESINFO RDATA specification (at least its wire format,
> > and preferably also the presentation format) should be more clearly
> > specified. At least to me it was not very clear, and I'm afraid
> > this can lead to
Moin!
On 30 Jun 2019, at 1:01, Paul Hoffman wrote:
- The draft offers two methods of retrieving the object but says
nothing about which is mandatory (Me being a lazy DNS geek will
certainly not put a web server on my DNS server so won’t implement
3). Will it still work? Why?
Neither is mand
On Jun 29, 2019, at 2:22 PM, Ralf Weber wrote:
>
> Couple of questions/remarks that may have been asked/answered (but are not
> discussed in the draft thus I’m asking).
>
> - The draft offers two methods of retrieving the object but says nothing
> about which is mandatory (Me being a lazy DNS
Thanks for the review!
On Jun 28, 2019, at 1:06 PM, 神明達哉 wrote:
> I don't have a strong opinion on the adoption, but I'm willing to
> review it. My comments on 02 follow:
>
> - I think the RESINFO RDATA specification (at least its wire format,
> and preferably also the presentation format) sh
16 matches