All

The diffs between -09 and -10 are fairly large as they address the issues
raised during IESG review.  Before we go and poke the ADs to clear their
DISCUSS positions, we want to make sure the WG has reviewed Sara's updates.

I know everyone is busily updating their latest set of drafts before the
cutoff so I don't expect anything for a few days. But if folks could read
the diffs at least:


On Fri, Jun 16, 2017 at 4:52 AM, Sara Dickinson <[email protected]> wrote:

> Hi All,
>
> Here is an update to the draft which attempts to address the majority of
> the comments received during IESG review so far. Given the number and
> extent of the changes I would request further careful review of this
> version, particularly from the working group.
>
> Changes are:
>
> * Clarified the specific attacks the Usage Profiles mitigate against.
> * Revised wording in the draft relating to 'security/privacy guarantees'
> and generally improved consistency of wording throughout the document.
> * Corrected and added a number of references:
>    - RFC7924 is now Normative
>    - RFC7918 and RFC8094 are now Normative (and therefore Downrefs)
>    - draft-ietf-tls-tls13, draft-ietf-dprive-padding-policy, RFC3315 and
>      RFC7227 added
> * Terminology: Updated definition of Privacy-enabling DNS server and moved
> normative definition to section 4.
> * Section 5 and 6.3: Included discussion of the additional attacks
> possible when using meta-queries to bootstrap the DNS service
> * Section 5: Added sentence on why Opportunistic Profile may fall back for
> latency reasons.
> * Section 5.1: Added discussion of when clients might change Usage
> Profiles.
> * Section 6.4: Added caveat on use of combined authentication re RFC7469.
> * Section 6.5: Added more detail on how authentication results might be
> used in Opportunistic.  Opportunistic clients now SHOULD try for the best
> case.
> * Section 7.3: Re-worked this section and the discussion of DHCP.
> * Section 9: Removed unnecessary text, added condition on use of RFC7250
> (Raw public keys).
> * Section 11: More detail on padding policies.
> * Numerous editorial corrections.
>
> Regards
>
> Sara.
>
> > On 16 Jun 2017, at 09:49, [email protected] wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the DNS PRIVate Exchange of the IETF.
> >
> >        Title           : Usage and (D)TLS Profiles for DNS-over-(D)TLS
> >        Authors         : Sara Dickinson
> >                          Daniel Kahn Gillmor
> >                          Tirumaleswar Reddy
> >        Filename        : draft-ietf-dprive-dtls-and-tls-profiles-10.txt
> >        Pages           : 29
> >        Date            : 2017-06-16
> >
> > Abstract:
> >   This document discusses Usage Profiles, based on one or more
> >   authentication mechanisms, which can be used for DNS over Transport
> >   Layer Security (TLS) or Datagram TLS (DTLS).  These profiles can
> >   increase the privacy of DNS transactions compared to using only clear
> >   text DNS.  This document also specifies new authentication mechanisms
> >   - it describes several ways a DNS client can use an authentication
> >   domain name to authenticate a (D)TLS connection to a DNS server.
> >   Additionally, it defines (D)TLS protocol profiles for DNS clients and
> >   servers implementing DNS-over-(D)TLS.  This document updates RFC
> >   7858.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-10
> > https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dtls-and-tls-profiles-10
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dtls-and-tls-profiles-10
> >
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > dns-privacy mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/dns-privacy