Draft-ietf-dprive-dns-over-tls-02 is out and ready for re-review (and maybe for a second WGLC - Tim, please consider)
Mail from yesterday (now with a clearer subject line).

On 12/7/15, 11:04 AM, "Mankin, Allison" <[email protected]> wrote:

>We have updated the DNS-over-TLS draft to provide a complete response to
>two aspects of the WGLC
>
>1. the WG consensus call from the discussion that took place in Yokohama
>(2 weeks into the 4 week WGLC)
>2. the discussion on the mailing list - this mostly took the form of
>questions about that consensus.
>
>
>Warren summed up the WG consensus call (on the mailing list on 11/13):
>
>On 11/13/15, 12:55 PM, "dns-privacy on behalf of Warren Kumari"
><[email protected] on behalf of [email protected]> wrote:
>
>>The plan that we'd discussed was that this document would describe how
>>to do the DNSoTLS bit, and the new document would extend the auth
>>profiles.
>>
>>This document would mention opportunistic and the case where there is
>>an existing trust relationship.
>>
>>The reference to the new document would not have to be normative, and
>>so we could go ahead and publish this - we've heard (anecdotally) that
>>a number of people would like to test this, but would like to see the
>>RFC label before spending cycles...
>
>
>We addressed both 1 and 2 by providing more details about the case
>where there is an existing trust relationship. We point to the soon to be
>submitted document for TLS and DTLS that will provide additional
>authentication methods and profiles with a TBD informative reference to be
>filled in with the draft name once it appears (Section 1).
>
>We expanded on the existing trust relationship case by specifying
>out-of-band pinned-key authentication analogous to the authentication
>described in RFC 7469 (and noting that additional authentication methods
>are to come in the TLS/DTLS authentication draft). These changes
>primarily occur in Section 4.2, but also in the profiles intro (Section
>4). Also, we added a non-normative appendix with an example of pinned-key
>authentication.
>
>Please check the diff (Diff:
>https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dns-over-tls-02) to
>get a clear picture of these changes.
>
>We request that folks read the changed sections asap. We request to the
>chairs that they start a new two week WGLC for review of this response to
>the first WGLC.
>
>Thanks,
>
>Allison
