furry13 / v6ops-464xlat-enable

Update 7050 to include encrypted DNS as a "secure channel" #18

Open mstojens opened 3 months ago

mstojens commented 3 months ago

RFC 7050 Section 2.2 defines "secure channel" in a hand-wavy way to include IPsec and link-layer security. However, since 7050 was published, DoT, DoH, and DoQ have been standardized. Combined with DNR (RFC 9463), this would allow a network to advertise its DNS64 encrypted DNS server.

Should we update 7050 to extend the definition of "secure channel" to include encrypted DNS (perhaps specifying 7858, 8484, 9250)?

furry13 commented 3 months ago

I do not have any strong opinion on that (personally I'd prefer people to stop using 7050 whatsoever - if you are deploying IPv6-mostly, why not advertise PREF64?), but if you think it's worth it - why not? So smth like 7050-bis? Or a separate draft for "Secure 7050"?

mstojens commented 3 months ago

I have no strong opinion on which doc as long as it exists, and the more I think about it, the more a 7050-bis makes sense. I can start a -00 in time for IETF 120, would you like to co-author?

mstojens commented 2 months ago

I've drafted some text to update RFC 7050 here: https://github.com/mstojens/draft-jens-7050-secure-channel/blob/main/draft-jens-7050-secure-channel.md