Revision -06 of this draft includes the following changes:

- Changed the title to "Specification for DNS over TLS"
- Clarified that this document focuses on stub-to-recursive use of TLS, leaving recursive-to-auth for future work.
- Rewrote some section 3.1 text which (still) says that clients and servers MUST use port 853, but could instead use some other port by mutual agreement.
- Added missing forward reference to the "Out-of-band Key-pinned Privacy Profile."
- Other minor improvements based on comments from the INT directorate review.

DW

> On Feb 22, 2016, at 12:27 PM, [email protected] wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange of the IETF.
>
>     Title    : Specification for DNS over TLS
>     Authors  : Zi Hu
>                Liang Zhu
>                John Heidemann
>                Allison Mankin
>                Duane Wessels
>                Paul Hoffman
>     Filename : draft-ietf-dprive-dns-over-tls-06.txt
>     Pages    : 20
>     Date     : 2016-02-22
>
> Abstract:
>    This document describes the use of TLS to provide privacy for DNS.
>    Encryption provided by TLS eliminates opportunities for eavesdropping
>    and on-path tampering with DNS queries in the network, such as
>    discussed in [RFC7258]. In addition, this document specifies two
>    usage profiles for DNS-over-TLS and provides advice on performance
>    considerations to minimize overhead from using TCP and TLS with DNS.
>
>    This document focuses on securing stub-to-recursive traffic, as per
>    the charter of the DPRIVE working group. It does not prevent future
>    applications of the protocol to recursive-to-authoritative traffic.
>
>    Note: this document was formerly named
>    draft-ietf-dprive-start-tls-for-dns. Its name has been changed to
>    better describe the mechanism now used. Please refer to working
>    group archives under the former name for history and previous
>    discussion. [RFC Editor: please remove this paragraph prior to
>    publication]
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-06
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dns-over-tls-06
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
