> -----Original Message----- > From: Simon Josefsson [mailto:[email protected]] > Sent: Tuesday, November 10, 2015 1:02 AM > To: Mankin, Allison > Cc: Tirumaleswar Reddy (tireddy); Sara Dickinson; [email protected] > Subject: Re: Start of WGLC for draft-ietf-dprive-dns-over-tls-01 > > "Mankin, Allison" <[email protected]> writes: > > > My two cents is that the authentication profile for TLS and DTLS > > should not be the same as a draft with flows. > > > > I reviewed the flows draft before it was submitted (and thank the > > authors for responding to initial comments). Unsurprisingly, the > > flows draft is almost entirely made up of flows. I estimate that many > > will have to change in response to DPRIVE WG review/discussion of the > > DTLS fragmentation scheme; also, some of them may need to change based > > on what is finalized for 1.3 in the TLS WG. In keeping with other > > precedents at IETF, I’d see the flows draft as an informational > > document to help implementors/deployers. > > I don't think this WG should wait for completion of TLS 1.3. If you write > drafts the right way, I don't see anything that needs to be changed moving > from TLS 1.2 to TLS 1.3. Or are you thinking of mandating TLS >= 1.3 for > dprive?
No. The proposal is to split draft-wing-dprive-profile-and-msg-flows-00, (D)TLS 1.2 profile for providing DNS privacy and authentication of the DNS server will be discussed in one draft. We plan to publish this draft in couple of weeks. draft-wing-dprive-profile-and-msg-flows-00 will be made informational and only discuss message flows for DNS-over-(D)TLS and also include message flows with TLS 1.3, will keep updating draft-wing-dprive-profile-and-msg-flows draft as TLS 1.3 work progresses and it can be considered for publication after TLS 1.3 work is finalized. -Tiru > > I believe the dprive documents are in reasonable shape, and the only > worrying concern is that the (D)TLS-considerations ought to be synchronized > between DoDTLS and DoTLS. It appears there is already work towards fixing > that, and once that document is available, there could be a WG last call on > all > three documents. I don't see anything that would prevent this from > happening during the next 0-3 months process-wise. I believe that TLS 1.3 > will not be finalized within that time-frame. > > /Simon > > > > > The authentication profile for TLS/DTLS is something we can pull > > together now, with some work by the WG, and I’d expect it to be > > standards track. I would not want to delay it for finishing the > > detailed engineering on the DTLS draft. > > > > Bottom line: I very much support Sara’s offer to start a stand-alone > > document for the authentication profile. Speaking for the TLS > > authors, we’ll be happy to add language pointing ahead to an > > authentication profile external to our draft. > > > > Allison > > > > . > > > > > >> On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) > <[email protected]> wrote: > >> > >> > >> > >> From: Sara Dickinson [mailto:[email protected] > >> <mailto:[email protected]>] > >> Sent: Tuesday, October 27, 2015 7:34 PM > >> To: Tirumaleswar Reddy (tireddy) > >> Cc: [email protected] <mailto:[email protected]> > >> Subject: Re: [dns-privacy] Start of WGLC for > >> draft-ietf-dprive-dns-over-tls-01 > >> > >> > >> On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy) > >> <[email protected] <mailto:[email protected]>> wrote: > >> > >> > >> I’m saying I think creating a separate document that specifically > >> covers authentication for both TLS and DTLS makes most sense to me > >> and will be clearer for consumers of the documents. > >> > >> [TR] We can move this Section to > >> https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-0 > >> 0 > >> <https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows- > >> 00> and that will take care both (D)TLS profile for DNS privacy and > >> authenticating the server. > >> > >> I guess this is a decision for the working group since the DTLS draft > >> is adopted, but the above document isn’t. > >> > >> [TR] Yes, of course; will do that only after WG feedback and adoption of > the draft. > >> > >> -Tiru > >> > >> Sara. > >> _______________________________________________ > >> dns-privacy mailing list > >> [email protected] <mailto:[email protected]> > >> https://www.ietf.org/mailman/listinfo/dns-privacy > >> <https://www.ietf.org/mailman/listinfo/dns-privacy> > > _______________________________________________ > > dns-privacy mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/dns-privacy > > _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
