Re: [Last-Call] [dns-privacy] Review of draft-ietf-dprive-rfc7626-bis-03 - Section 3.5.1.1 Comments

On Tue, Jan 07, 2020 at 06:37:38PM +0000,
 Sara Dickinson <sara@xxxxxxxxxxx> wrote 
 a message of 278 lines which said:

> There is currently no standardized discovery mechanism for DoH and
> Strict DoT servers so applications that might want to dynamically
> discover such encrypted services are not able to. At the time of
> writing, efforts to provide standardized signalling mechanisms for
> applications to also discover the services offered by local
> resolvers are in progress
> [I-D.ietf-dnsop-resolver-information]. Note that an increasing
> number of ISPs are deploying encrypted DNS, for example see the
> Encrypted DNS Deployment Initiative [EDDI].

I disagree with this text, since it seems to imply that a discovery
mechanism would be a good thing. I suggest instead that any discovery
mechanism threatens the goal of DoE (DNS over Encryption) since it
could be easily used to direct users to a resolver which they disagree
with (for the same reason, DoH on Internet Access Providers is not
very interesting since, if you trust your access provider, you don't
really need DoE).

The point of DoE is to be able to have a secure link to the resolver
you decided to trust. If we are to mention discovery, I demand that
the text should be more neutral, not implying that we are missing
something.

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
