I'd like to thank everyone who provided reviews and input to the DNS-over-TLS document. The -01 revision has been uploaded with the following changes since -00:
- Request for early port allocation was granted. The document now refers to port 853.
- Clarified that TLS also helps with on-path tampering.
- Clarified language about writing the two-octet length field (matching draft-5966bis).
- Removed "port number" in the description of matching queries to responses.
- Mention getaddrinfo() in addition to gethostbyname().
- Removed reference to RFC3118 under advice that it is not used and may be deprecated.
- Removed questionable use of the term "pinning".
- Clarified that unencrypted queries and responses might happen over port 53 prior to TLS.

DW

> On Oct 11, 2015, at 9:21 PM, [email protected] wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange Working Group of the
> IETF.
>
>         Title           : DNS over TLS: Initiation and Performance Considerations
>         Authors         : Zi Hu
>                           Liang Zhu
>                           John Heidemann
>                           Allison Mankin
>                           Duane Wessels
>                           Paul Hoffman
>         Filename        : draft-ietf-dprive-dns-over-tls-01.txt
>         Pages           : 17
>         Date            : 2015-10-11
>
> Abstract:
>    This document describes the use of TLS to provide privacy for DNS.
>    Encryption provided by TLS eliminates opportunities for eavesdropping
>    and on-path tampering with DNS queries in the network, such as
>    discussed in RFC 7258. In addition, this document specifies two
>    usage profiles for DNS-over-TLS and provides advice on performance
>    considerations to minimize overhead from using TCP and TLS with DNS.
>
>    Note: this document was formerly named
>    draft-ietf-dprive-start-tls-for-dns. Its name has been changed to
>    better describe the mechanism now used. Please refer to working
>    group archives under the former name for history and previous
>    discussion. [RFC Editor: please remove this paragraph prior to
>    publication]
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dns-over-tls-01
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
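The two changelog items about wire handling (the two-octet length field written ahead of each message, matching draft-5966bis, and matching responses to queries by message ID rather than by port, since everything shares one TLS connection) worked as an added Python example; this is not code from the draft or the list post, and the minimal query builder and the sample names are constructed here for illustration:

```python
"""DNS-over-TLS message framing and query/response matching (added example)."""
import struct

DNS_OVER_TLS_PORT = 853  # port allocated for DNS over TLS in the -01 draft


def build_query(msg_id: int, name: str, qtype: int = 1) -> bytes:
    """Constructed minimal DNS query: header with RD set, one question (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame_message(msg: bytes) -> bytes:
    """Prefix a DNS message with its length as a two-octet network-order field,
    as required on TCP (and therefore TLS) transport."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message exceeds 65535 octets")
    return struct.pack("!H", len(msg)) + msg


def unframe_stream(buf: bytes):
    """Split a TLS byte stream into complete DNS messages.
    Returns (messages, leftover): one TLS read may deliver several messages,
    or only part of one, so the leftover is carried into the next read."""
    msgs, off = [], 0
    while off + 2 <= len(buf):
        (length,) = struct.unpack_from("!H", buf, off)
        if off + 2 + length > len(buf):
            break  # partial message: wait for more bytes
        msgs.append(buf[off + 2 : off + 2 + length])
        off += 2 + length
    return msgs, buf[off:]


def message_id(msg: bytes) -> int:
    """The 16-bit ID in the first two octets of the DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack_from("!H", msg, 0)[0]


def match_responses(pending: dict, responses):
    """Match responses to outstanding queries by message ID only (no port
    number in the rule). Responses with no pending ID are discarded."""
    return {message_id(r): r for r in responses if message_id(r) in pending}
```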
