All,

There were a number of hallway discussions at IETF around the use of SRV records in this draft and in particular how the use of them in combination with the TLS DNSSEC Chain Extension mechanism could be improved, e.g. to avoid having to separately validate the SRV, A/AAAA lookups and the DNSSEC Chain records.
After some debate it was eventually proposed to remove the SRV record completely, which greatly simplifies the specification and streamlines the above use case.

A new version of the draft is available to review which includes this change and also addresses the comments from the TSV-ART review.

-09 Changelog:

* Remove the SRV record to simplify the draft.
* Add suggestion that clients offer DANE option to avoid using only PKIX authentication.
* Clarify that the MUST on implementing TLS session resumption updates RFC7858.
* Update page header to be '(D)TLS Authentication for TLS'.

I'll leave it to the chairs to comment on what this means process wise for the draft at this stage.

Regards

Sara.

> On 10 Apr 2017, at 17:29, [email protected] wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange of the IETF.
>
>         Title           : Authentication and (D)TLS Profile for DNS-over-(D)TLS
>         Authors         : Sara Dickinson
>                           Daniel Kahn Gillmor
>                           Tirumaleswar Reddy
>         Filename        : draft-ietf-dprive-dtls-and-tls-profiles-09.txt
>         Pages           : 25
>         Date            : 2017-04-10
>
> Abstract:
>    This document discusses Usage Profiles, based on one or more
>    authentication mechanisms, which can be used for DNS over Transport
>    Layer Security (TLS) or Datagram TLS (DTLS).  This document also
>    specifies new authentication mechanisms - it describes several ways a
>    DNS client can use an authentication domain name to authenticate a
>    DNS server.  Additionally, it defines (D)TLS profiles for DNS clients
>    and servers implementing DNS-over-(D)TLS.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-09
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dtls-and-tls-profiles-09
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dtls-and-tls-profiles-09
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
