- From: Adam Roach <adam@nostrum.com>
- Date: Tue, 10 Jul 2018 10:09:41 -0500
- To: Paul Wouters <paul@nohats.ca>, Philip Homburg <pch-dnsop-3@u-1.phicoh.com>
- Cc: driu@ietf.org, dnsop@ietf.org, DoH WG <doh@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <pmcmanus@mozilla.com>

[as an individual]

On 7/10/18 9:59 AM, Paul Wouters wrote:
> It seems more like an extension of the Public Suffix. Which domains can
> make claims about other domains.

Based on the conversation that took place in DoH in Singapore, I think it's mostly *not* about this. The questions that have come up so far include:

(a) If the record that is pushed to me is DNSSEC signed, is that sufficient to trust it?

(b) If the record that is pushed to me is not DNS signed, but I'm using it in a context that requires TLS (e.g., HTTPS), and the thing that I connect to when I use the record can present a cert that proves its identity, is that okay?

There *might* be some useful discussion that includes applying the PSL to determine who can vouch for what, but I would expect this to be of significantly lower priority; and, given DBOUND's recent failure, I doubt there's useful IETF work to be done in that space, at least for the time being.

/a

Received on Tuesday, 10 July 2018 15:10:27 UTC