On Mon, Jun 27, 2022 at 12:43 PM Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
...

So perhaps the document should note using SVCB to signal transport
security for nameservers derived from NS records is predicated on a
suitably secure connection to the parent zone.

The use of SVCB RRs for authoritative nameservers introduces the
possibility that the SVCB target name is different from the "service
name" in the NS record. Such additional indirection is perhaps
surprising or even undesirable.

Also, likely DoH would not be a supported transport for authoritative
servers, with DoT or DoQ being the available options.

If this draft is to be adopted for use with authoritative nameservers
these topics would warrant some further discussion, and perhaps some
minimal text is warranted to say as much.

Hi Viktor,

I think these are points worth mentioning, and I've written up some proposed text that would remind the reader about them [1]. Please review. I've tried to address these topics without focusing too heavily on the "authoritative nameserver" point because I think they actually have broad applicability.
--Ben
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call