[getdns-api] STARTTLS in GetDNS
John Dickinson
jad at sinodun.com
Tue Jul 1 15:48:33 CEST 2014
Hi Paul,
We chatted about this briefly at ICANN and you asked me to remind you with an email.
draft-hzhwm-start-tls-for-dns-00 defines a starttls encryption method for DNS. I consider it to be hop-by-hop opportunistic encryption. According to my brief reading of draft-hoffman-uta-opportunistic-tls-00, opportunistic means "An application supports opportunistic encryption using TLS if the application attempts to perform TLS negotiation without the user who is running the application knowing whether or not TLS is in use."
So if I were to add STARTTLS to GetDNS, should it be done in the context or in an extension?
regards
John