My two cents is that the authentication profile for TLS and DTLS should not be the same as a draft with flows.
I reviewed the flows draft before it was submitted (and thank the authors for responding to initial comments). Unsurprisingly, the flows draft is almost entirely made up of flows. I estimate that many will have to change in response to DPRIVE WG review/discussion of the DTLS fragmentation scheme; also, some of them may need to change based on what is finalized for 1.3 in the TLS WG. In keeping with other precedents at IETF, I’d see the flows draft as an informational document to help implementors/deployers. The authentication profile for TLS/DTLS is something we can pull together now, with some work by the WG, and I’d expect it to be standards track. I would not want to delay it for finishing the detailed engineering on the DTLS draft.

Bottom line: I very much support Sara’s offer to start a stand-alone document for the authentication profile. Speaking for the TLS authors, we’ll be happy to add language pointing ahead to an authentication profile external to our draft.

Allison

> On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) <[email protected]> wrote:
>
> From: Sara Dickinson [mailto:[email protected]]
> Sent: Tuesday, October 27, 2015 7:34 PM
> To: Tirumaleswar Reddy (tireddy)
> Cc: [email protected]
> Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01
>
> On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy) <[email protected]> wrote:
>
> I’m saying I think creating a separate document that specifically covers authentication for both TLS and DTLS makes most sense to me and will be clearer for consumers of the documents.
>
> [TR] We can move this Section to https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-00 and that will take care of both (D)TLS profile for DNS privacy and authenticating the server.
>
> I guess this is a decision for the working group since the DTLS draft is adopted, but the above document isn’t.
>
> [TR] Yes, of course; will do that only after WG feedback and adoption of the draft.
>
> -Tiru
>
> Sara.
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
