[getdns-api] STARTTLS in GetDNS

John Dickinson jad at sinodun.com
Tue Jul 1 06:48:33 MST 2014

Hi Paul,

We chatted about this briefly at ICANN and you asked me to remind you with an email.

draft-hzhwm-start-tls-for-dns-00 defines a starttls encryption method for DNS. I consider it to be hop by hop opportunistic encryption. According to my brief reading of draft-hoffman-uta-opportunistic-tls-00, opportunistic means "An application supports opportunistic encryption using TLS if the application attempts to perform TLS negotiation without the user who is running the application knowing whether or not TLS is in use."

So if I were to add STARTTLS to GetDNS should it be done in the context or in an extension?
