Hi All, 

As discussed by the working group (in Yokohama and on the list), a new draft has 
been produced

https://tools.ietf.org/html/draft-dgr-dprive-dtls-and-tls-profiles-00 

that describes usage profiles, authentication mechanisms and a (D)TLS profile 
that can be used for both DNS-over-TLS and DNS-over-DTLS:

- It discusses in detail the use of Strict and Opportunistic usage profiles for 
DNS-over-(D)TLS.

- It describes domain name based authentication mechanisms using both X.509 
certificates and DANE as ways that a DNS server can prove its identity for 
authentication purposes. 

- It presents a (D)TLS profile which defines the configuration options and 
protocol extensions required to optimise connection establishment and session 
resumption.

- It additionally has guidance on countermeasures to DNS traffic analysis and 
server capability probing by clients. 

We request review of this document and consideration for adoption by the 
working group.

Regards

Sara.

>> On 23 Dec 2015, at 16:12, [email protected] wrote:
>> 
>> 
>> A new version of I-D, draft-dgr-dprive-dtls-and-tls-profiles-00.txt
>> has been successfully submitted by Sara Dickinson and posted to the
>> IETF repository.
>> 
>> Name:           draft-dgr-dprive-dtls-and-tls-profiles
>> Revision:       00
>> Title:          Authentication and (D)TLS Profile for DNS-over-TLS and DNS-over-DTLS
>> Document date:  2015-12-23
>> Group:          Individual Submission
>> Pages:          17
>> URL:            https://www.ietf.org/internet-drafts/draft-dgr-dprive-dtls-and-tls-profiles-00.txt
>> Status:         https://datatracker.ietf.org/doc/draft-dgr-dprive-dtls-and-tls-profiles/
>> Htmlized:       https://tools.ietf.org/html/draft-dgr-dprive-dtls-and-tls-profiles-00
>> 
>> 
>> Abstract:
>>   This document describes how a DNS client can use a domain name to
>>   authenticate a DNS server that uses Transport Layer Security (TLS)
>>   and Datagram TLS (DTLS).  Additionally, it defines (D)TLS profiles
>>   for DNS clients and servers implementing DNS-over-TLS and DNS-over-
>>   DTLS.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
