 In your previous mail you wrote:

=> I keep this because your answer is not about this...

   > I don't understand your argument: it seems to apply to UDP over SCTP
   > but here we have SCTP over UDP. BTW the easiest way to convert DNS
   > over UDP into DNS over SCTP is to use an ALG (application layer
   > gateway) which in the DNS is known as a caching server (such servers
   > are already used to provide IPv4/IPv6 transport conversion).

   The goal is to apply the SCTP protocol as a means to better protect
   DNS from source spoofing, resource exhaustion, reflected attack
   exploitation, and increased latency.

=> not only this is very arguable (for instance about the resource
exhaustion) but no hop-by-hop/channel security, even something as
strong as TSIG, can provide what we need, i.e., end-to-end/object
security (*).

Regards

Francis.Dupont@xxxxxxxxxx

PS (*): I use the common meaning of end-to-end, not Masataka Ohta's one.