Inline [TR]

From: Mankin, Allison [mailto:[email protected]]
Sent: Tuesday, October 27, 2015 9:59 PM
To: Tirumaleswar Reddy (tireddy); Sara Dickinson
Cc: [email protected]
Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01

My two cents is that the authentication profile for TLS and DTLS should not be the same as a draft with flows. I reviewed the flows draft before it was submitted (and thank the authors for responding to initial comments). Unsurprisingly, the flows draft is almost entirely made up of flows. I estimate that many will have to change in response to DPRIVE WG review/discussion of the DTLS fragmentation scheme; also, some of them may need to change based on what is finalized for 1.3 in the TLS WG. In keeping with other precedents at IETF, I’d see the flows draft as an informational document to help implementors/deployers.

[TR] But this draft also discusses (D)TLS profile for DNS privacy and it cannot be made informational. However (D)TLS profile and authentication mechanism discussed in DTLS draft can be moved to a new draft and this draft can then just discuss flows with (D)TLS and can be made informational.

The authentication profile for TLS/DTLS is something we can pull together now, with some work by the WG, and I’d expect it to be standards track. I would not want to delay it for finishing the detailed engineering on the DTLS draft.

Bottom line: I very much support Sara’s offer to start a stand-alone document for the authentication profile.

[TR] DNSoD already discusses authentication mechanism that can also be used for TLS. This new draft can pick text from DNSoD. This new draft should cover both authentication and (D)TLS profile. I can help with the text for this draft.

-Tiru

Speaking for the TLS authors, we’ll be happy to add language pointing ahead to an authentication profile external to our draft.

Allison

On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) <[email protected]> wrote:

From: Sara Dickinson [mailto:[email protected]]
Sent: Tuesday, October 27, 2015 7:34 PM
To: Tirumaleswar Reddy (tireddy)
Cc: [email protected]
Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01

On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy) <[email protected]> wrote:

I’m saying I think creating a separate document that specifically covers authentication for both TLS and DTLS makes most sense to me and will be clearer for consumers of the documents.

[TR] We can move this Section to https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-00 and that will take care of both (D)TLS profile for DNS privacy and authenticating the server.

I guess this is a decision for the working group since the DTLS draft is adopted, but the above document isn’t.

[TR] Yes, of course; will do that only after WG feedback and adoption of the draft.

-Tiru

Sara.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
