> On 7 Oct 2016, at 10:48, Stephane Bortzmeyer <[email protected]> wrote:
>
> On Thu, Oct 06, 2016 at 02:58:09AM -0400,
> Tim Wicinski <[email protected]> wrote
> a message of 28 lines which said:
>
>> This starts a Working Group Last Call for:
>> draft-ietf-dprive-dtls-and-tls-profile
>
> Executive summary: OK for me,
> draft-ietf-dprive-dtls-and-tls-profiles-03 can (and should) be
> published. I find that touchy issues, such as the relationship with
> the authentication mechanisms described in RFC 7858, or such as the
> table 1 "DNS Privacy Protection by Usage Profile and type of attacker"
> are nicely done.

Good to know - thanks.

>
> The table 1 could use some details about the possibility of detection
> for passive attacks (for active attacks, it is addressed in section
> 5). These details were promised in
> <https://mailarchive.ietf.org/arch/msg/dns-privacy/8VMIuFKWZUAzP7UWivLn9fA_Ew4>
> :-)

Yes, thanks for catching (again)! I will add an example similar to the one in the mail thread into section 5 so that the discussion of detection of active and passive attacks is together.

>
> Technical question:
>
> The document seems to use "X.509" and "PKIX" as synonyms. Is it really
> the case?

Paul's suggestion of using PKIX throughout seems sensible.

>
> Small legal detail:
>
>> this application [extended to be used for recursive clients and
>> authoritative servers] is out of scope for the DNS PRIVate Exchange
>> (DPRIVE) Working Group per its current charter.
>
> A bit exaggerated: the current charter says "it [the DPRIVE WG] may
> also later consider mechanisms that provide confidentiality between
> Iterative Resolvers and Authoritative Servers"

A reasonable point. I copied that text directly from RFC7858 (DNS-over-TLS) as that is how the scope is justified in that document…..

>
> Editorial detail:
>
>> but may be the subject of a future I-D.
>
> Should probably be removed before it becomes a RFC.

How about I change it to "may be the subject of future work"? Unless such an ID is likely to appear in the very near future? :-)

Sara.
