In your previous mail you wrote:
=> I keep this because your answer is not about this...
> I don't understand your argument: it seems to apply to UDP over SCTP
> but here we have SCTP over UDP. BTW the easiest way to convert DNS
> over UDP into DNS over SCTP is to use an ALG (application layer
> gateway) which in the DNS is known as a caching server (such servers
> are already used to provide IPv4/IPv6 transport conversion).
The goal is to apply the SCTP protocol as a means to better protect
DNS from source spoofing, resource exhaustion, reflected attack
exploitation, and increased latency.
=> not only this is very arguable (for instance about the resource
exhaustion) but no hop-by-hop/channel security, even something as
strong as TSIG, can provide what we need, i.e., end-to-end/object
security (*).
Regards
Francis(_dot_)Dupont(_at_)fdupont(_dot_)fr
PS (*): I use the common meaning of end-to-end, not Masataka Ohta's one.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf