Executive Order 14144 - encrypted DNS
Michael De Roover
isc at nixmagic.com
Wed Jan 29 10:40:50 UTC 2025
On Wednesday, 29 January 2025 11:07:51 CET Stephen Farrell wrote:
> Hiya,
>
> On 29/01/2025 02:58, Michael De Roover wrote:
>
> > I appreciate the confirmation of this being about DoT/DoH
>
>
> Do we have any opinions as to whether the document (which
> I've not read, sorry;-) has anything to say about ADoT?
>
> Ta,
> S.
>
Hello!
I've read some members in this thread mention it, got me thinking for a bit about the handful of
domains I do authoritative service for. Now I've also come across this draft from the IETF's
Network WG, might be relevant? But it seems like it's been published in 2021 and is still a draft.
Not sure how "standard" that is in IETF lingo, but it does seem interesting.
https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.html [1]
Granted, for my own domains, doing zone transfers in plain TLS over a VPN connection like
WireGuard has never failed me either. And if only WireGuard has to be security-audited, perhaps
one could argue that to reduce the amount of work needed. For applications I'd imagine it to be
necessary for each one individually. But if it streamlines things for the US government and that's
how they announce it to the world.. oh well, just not a policy I want to be burdened with as an
individual operator. I like being able to even do it over a set of mystery pixie dust virtual
interfaces from my hosting provider, but that would be something that a government would
have good reason to distrust.
--
Met vriendelijke groet,
Michael De Roover
Mail: isc at nixmagic.com
Web: michael.de.roover.eu.org
--------
[1] https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.html#name-dns-records-to-publish-for-