Re: DNS64, DANE and DPRIV

On Sun, Dec 07, 2014 at 08:35:51AM +1100, Mark Andrews wrote:

get the DNS64 parameters securely for which there is no solution
today.


You mean, "Get the Pref64 securely"?  There is in fact a solution for
that, and it is in RFC 7050.  Moreover, it can be secured if the ISP
is not using the WKP.  So, if you're willing to do the DNS64 function
yourself and your ISP isn't using the WKP, you can have secure
answers.  (For all that, if your ISP _is_ using the WKP, then you
don't need to look it up securely.)

Can we just give up on DNS64 as a general solution to going IPv6
only.


I should hope so.  It was never intended to be a general solution, and
I think we who worked on it were crystal clear about that all along.  

Best regards,

A

-- 
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com

<Prev in Thread]	Current Thread	[Next in Thread>
DNS64, DANE and DPRIV, Phillip Hallam-Baker Re: DNS64, DANE and DPRIV, Mark Andrews Re: DNS64, DANE and DPRIV, Randy Bush Re: DNS64, DANE and DPRIV, Mark Andrews Re: DNS64, DANE and DPRIV, Randy Bush Re: DNS64, DANE and DPRIV, Mark Andrews Re: DNS64, DANE and DPRIV, Randy Bush Re: DNS64, DANE and DPRIV, Phillip Hallam-Baker Re: DNS64, DANE and DPRIV, Andrew Sullivan <= Re: DNS64, DANE and DPRIV, Ted Lemon Re: DNS64, DANE and DPRIV, Phillip Hallam-Baker Re: DNS64, DANE and DPRIV, Michael Richardson Re: DNS64, DANE and DPRIV, Andrew Sullivan Re: DNS64, DANE and DPRIV, Phillip Hallam-Baker

Previous by Date:	Re: DNS64, DANE and DPRIV, Phillip Hallam-Baker
Next by Date:	Re: Gen-ART and OPS-Dir review of draft-ietf-json-text-sequence-09, Patrik Fältström
Previous by Thread:	Re: DNS64, DANE and DPRIV, Phillip Hallam-Baker
Next by Thread:	Re: DNS64, DANE and DPRIV, Ted Lemon
Indexes:	[Date] [Thread] [Top] [All Lists]