(as chair)

I don't see the point in holding up this document for the other DTLS document(s). Using the "running code" practice, there is code out here which supports dns-over-tls. The authors of dns-over-dtls do not have a plan to implement any solutions at this time. However, as chair, I've reached out and I do believe some of the folks who have implemented the current dns-over-tls solution work on a proof of concept of dns-over-dtls.

I'll chat with Warren about this, but I don't see the reasons to hold this one for now.

tim

On 11/9/15 11:32 AM, Simon Josefsson wrote:
"Mankin, Allison" <[email protected]> writes:

My two cents is that the authentication profile for TLS and DTLS
should not be the same as a draft with flows.

I reviewed the flows draft before it was submitted (and thank the
authors for responding to initial comments).  Unsurprisingly, the
flows draft is almost entirely made up of flows.  I estimate that many
will have to change in response to DPRIVE WG review/discussion of the
DTLS fragmentation scheme; also, some of them may need to change based
on what is finalized for 1.3 in the TLS WG.  In keeping with other
precedents at IETF, I’d see the flows draft as an informational
document to help implementors/deployers.

I don't think this WG should wait for completion of TLS 1.3.  If you
write drafts the right way, I don't see anything that needs to be
changed moving from TLS 1.2 to TLS 1.3.  Or are you thinking of
mandating TLS >= 1.3 for dprive?

I believe the dprive documents are in reasonable shape, and the only
worrying concern is that the (D)TLS-considerations ought to be
synchronized between DoDTLS and DoTLS.  It appears there is already work
towards fixing that, and once that document is available, there could be
a WG last call on all three documents.  I don't see anything that would
prevent this from happening during the next 0-3 months process-wise.  I
believe that TLS 1.3 will not be finalized within that time-frame.

/Simon


The authentication profile for TLS/DTLS is something we can pull
together now, with some work by the WG, and I’d expect it to be
standards track.  I would not want to delay it for finishing the
detailed engineering on the DTLS draft.

Bottom line: I very much support Sara’s offer to start a stand-alone
document for the authentication profile.  Speaking for the TLS
authors, we’ll be happy to add language pointing ahead to an
authentication profile external to our draft.

Allison



On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) <[email protected]> wrote:



From: Sara Dickinson [mailto:[email protected]]
Sent: Tuesday, October 27, 2015 7:34 PM
To: Tirumaleswar Reddy (tireddy)
Cc: [email protected]
Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01


On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy)
<[email protected]> wrote:


I’m saying I think creating a separate document that specifically
covers authentication for both TLS and DTLS makes most sense to me
and will be clearer for consumers of the documents.

[TR] We can move this Section to
https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-00
and that will take care of both (D)TLS profile for DNS privacy and
authenticating the server.

I guess this is a decision for the working group since the DTLS
draft is adopted, but the above document isn’t.

[TR] Yes, of course; will do that only after WG feedback and adoption of the 
draft.

-Tiru

Sara.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy