Hi,
On 5 Dec 2018, at 07:35, ummeegge ummeegge@ipfire.org wrote:
Hello Peter, and thanks for your response.
On Tuesday, 04.12.2018, at 17:19 +0100, Peter Müller wrote:
I am pretty sure there is still huge interest in adding DoT support to IPFire - from my point of view, yesterday's telephone conference showed this again.
Good to hear. I wanted to be part of the last conference, but my jobsite had other plans.
Our problem seems to be a lack of coordination: You are developing pretty much (OpenSSL 1.1.1 comes to my mind), which is simply great.
I do not really see a lack of coordination here, or is somebody else working on DoT currently? OpenSSL-1.1.1 might be a good/important addition to DoT -->
https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-02 --> https://blog.cloudflare.com/encrypted-sni/ which also brings some other interesting side effects --> https://www.dnsthingy.com/2018/10/encrypted-sni-death-blow-to-transparent-fi... ...
I can only speak for myself here, but do not have any overview about what these are in detail. :-)
Not 100% sure what you mean. Do you mean an overview of other projects which I am currently working on?
Maybe joining a telco might help (nudge, nudge). :-)
I hear you :D. Looking forward to more_action/more_people or in general to more response/help on this topic.
I am not sure what you are looking for. But I just wanted to say that I am following this conversation.
So far I think that there are indeed many people interested in DoT. However, I have not received any feedback on what I was mailing before.
I think what is best now is to get this into small patches. What needs to be done to get this UI ready so that people can add those DNS servers? What will the default behaviour be? How will we make sure that the system does not fall back (to unauthenticated DNS)?
I think that we can leave OpenSSL 1.1.1 aside for this for now, because it works perfectly fine with TLS 1.2. We should not mix multiple things together when they have no strict dependency (although I am really looking forward to seeing TLS 1.3 in IPFire soon).
Best, -Michael
Best,
Erik