[I know there is a post-Yokohama version under construction, addressing, among other things, the authentication issues, which will move to a separate I-D, and the questionable fragmentation, which will disappear. Still, these points may be useful:]

On Mon, Oct 19, 2015 at 03:10:50AM +0000, Tirumaleswar Reddy (tireddy) <[email protected]> wrote a message of 70 lines which said:

> This revision addresses comments from the WG. Main changes are:

> DNS privacy problem is further discussed in
> [I-D.bortzmeyer-dnsop-dns-privacy].

Now RFC 7626.

> The existing Query ID allows multiple requests and responses to be
> interleaved in whatever order they can be fulfilled by the DNS
> server. [...] When sending multiple queries over a single DTLS
> session, clients MUST take care to avoid Message ID collisions. In
> other words, they MUST not re-use the DNS Message ID of an in-flight
> query.

Since DNS-over-DTLS is, in that respect, closer to DNS-over-TCP than to
DNS-over-UDP, would it make sense to simply refer to 5966bis, sections
6.2.1 and 7?

> It is highly advantageous to avoid server-side DTLS state and reduce
> the number of new DTLS sessions on the server which can be done with
> [RFC5077].

Since TLS session resumption is not ideal for privacy, maybe referring
to the analysis of RFC 6973, section 5.2.1 would help?

> Implementing DNSoD on root servers is outside the scope of this
> document.

s/root/authoritative/ ?

> 14.1. Normative References

The list of normative references is awfully long and not all RFCs in it
seem worth it (for instance RFC 7469 or 7435). I suggest moving most of
them to informative.
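The Message ID point quoted above (no reuse of the ID of an in-flight query when several queries are pipelined over one DTLS or TCP session, the same rule 5966bis, later RFC 7766, states for TCP) is easy to get wrong in a client that simply increments a counter or picks random IDs without checking. The following is an added example written for this note, not code from the draft, from the thread, or from any DNS implementation: a small in-flight ID table plus a minimal query builder, so that responses arriving out of order can be matched back to their queries. The class and function names are this example's own, and the responses in `demo()` are constructed by echoing the query back with the QR/RA bits set.

```python
"""Allocating DNS Message IDs for queries pipelined over one session
(DTLS or TCP) so that no two in-flight queries ever share an ID.

Added example for this thread; not code from the draft or from any
DNS implementation. Names below are this example's own.
"""
import os
import struct


class InFlightIdTable:
    """Tracks the 16-bit Message IDs of queries sent on one session that
    have not yet been answered (or abandoned by the caller)."""

    def __init__(self, rand=os.urandom):
        self._in_flight = set()
        self._rand = rand  # injectable so the collision path can be tested

    def allocate(self):
        """Return a fresh random ID that no in-flight query is using."""
        if len(self._in_flight) >= 0x10000:
            # Every possible ID is in use: the caller must wait for a
            # response (or time a query out) before sending another.
            raise RuntimeError("all 65536 Message IDs are in flight")
        while True:
            msg_id = struct.unpack("!H", self._rand(2))[0]
            if msg_id not in self._in_flight:   # skip IDs still in flight
                self._in_flight.add(msg_id)
                return msg_id

    def complete(self, msg_id):
        """Match a response to its query. True if msg_id was in flight;
        False for unsolicited or duplicate responses, which a client
        should ignore rather than deliver to any caller."""
        if msg_id in self._in_flight:
            self._in_flight.remove(msg_id)
            return True
        return False

    def in_flight(self):
        return frozenset(self._in_flight)


def build_query(msg_id, qname, qtype=1):
    """Minimal RFC 1035 query: header (RD bit set) plus one question."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def message_id(dns_message):
    """The Message ID is the first two octets of every DNS message."""
    return struct.unpack("!H", dns_message[:2])[0]


def demo():
    """Send three queries on one session, receive the (constructed)
    responses in reverse order, and match each back by Message ID."""
    table = InFlightIdTable()
    names = ["example.com", "example.net", "example.org"]
    ids = [table.allocate() for _ in names]
    queries = [build_query(i, n) for i, n in zip(ids, names)]
    # Constructed responses: same ID, flags set to QR|RD|RA (0x8180).
    responses = [q[:2] + b"\x81\x80" + q[4:] for q in reversed(queries)]
    matched = [table.complete(message_id(r)) for r in responses]
    return ids, matched, table.in_flight()


if __name__ == "__main__":
    print(demo())
```

A real client would also start a timer per entry and call `complete()` on timeout so that an unanswered query does not pin its ID forever; the exhaustion check in `allocate()` is what stops the loop from spinning once all 65536 IDs are held.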
