Re: [Last-Call] [Add] Last Call: <draft-ietf-add-dnr-09.txt> (DHCP and Router Advertisement Options for the Discovery of Network-designated Resolvers (DNR)) to Proposed Standard


 



On Wed, 29 Jun 2022 at 06:21, Martin Thomson <mt@xxxxxxxxxxxxxx> wrote:
Thanks for the response Med.

On Tue, Jun 28, 2022, at 19:39, mohamed.boucadair@xxxxxxxxxx wrote:

Thanks for the response on DDR.  I forgot that was there.

Can you please make DDR a normative reference?  It's informative right now.

You missed this piece:

>> Do you have an A/AAAA fallback? 

I take it from your answer that this is a "no".  I'll take that to the DDR spec though; it's not your problem to deal with.

> [Med] Here is a proposal for discussion:
>
> NEW:
>    The client verifies the connection based on PKIX validation [RFC5280]
>    of the DNS resolver certificate and uses the validation techniques as
>    described in [RFC6125] to compare the authentication domain name
>    conveyed in the Encrypted DNS options to the certificate provided
>    (see Section 8.1 of [RFC8310] for more details).  The client uses by
>    default PKIX validation unless configured otherwise.

This looks much better thanks.  The last sentence doesn't really say anything new (PKIX validation is required based on the first sentence).  I think that you want to say *Web PKI trust anchors* by default.

Sounds good, will update text to say "The client uses Web PKI trust anchors by default unless configured otherwise to use explicit trust anchors". 

-Tiru 

--
Add mailing list
Add@xxxxxxxx
https://www.ietf.org/mailman/listinfo/add
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
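
The verification discussed in the proposed text above, sketched as an added example (it is not part of the thread or of the draft): the client connects to the address taken from the Encrypted DNS option but authenticates the certificate against the authentication domain name, using Web PKI trust anchors unless explicit ones are configured. The function names, the use of DNS over TLS on port 853, and the rejection of IP literals as ADNs are assumptions of this sketch.

```python
import ipaddress
import socket
import ssl
from typing import Optional

DOT_PORT = 853  # DNS over TLS; assumed transport for this sketch


def normalize_adn(adn: str) -> str:
    """Return the ADN as a reference identifier for certificate matching."""
    name = adn.rstrip(".").lower()
    if not name:
        raise ValueError("empty authentication domain name")
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return name  # not an IP literal, so usable as a DNS name
    raise ValueError("ADN must be a domain name, not an IP address")


def resolver_tls_context(explicit_anchors: Optional[str] = None) -> ssl.SSLContext:
    """Web PKI trust anchors by default; explicit anchors only when configured."""
    if explicit_anchors is None:
        ctx = ssl.create_default_context()  # platform trust store
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with no anchors
        ctx.load_verify_locations(cafile=explicit_anchors)  # path to a PEM file
    # Both paths require a valid chain and a name match; keep that explicit.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def connect_verified(adn, address, ctx, port=DOT_PORT, timeout=5.0):
    """Connect to the address from the option, authenticate against the ADN."""
    raw = socket.create_connection((address, port), timeout=timeout)
    try:
        # server_hostname sets SNI and is the name matched against the certificate
        return ctx.wrap_socket(raw, server_hostname=normalize_adn(adn))
    except (ssl.SSLError, OSError):
        raw.close()
        raise
```

A handshake against a certificate that does not chain to the selected anchors, or that does not carry the ADN, raises `ssl.SSLCertVerificationError` from `connect_verified`.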
