Hi All,

After some off-list discussion I have created a new version of the draft which updates the description and handling of meta queries:

* Section 5: Re-ordered and re-worded the text in the section on Opportunistic profile to make the protection offered by Opportunistic clearer.
* Section 5: Provide a more detailed analysis of attacks on the meta queries
* Section 7.2: Re-introduce a requirement to DNSSEC validate the meta-queries making it a SHOULD for Strict and a MUST for Opportunistic.

Ekr - please let me know if this addresses your discuss?

Regards

Sara.

> On 11 Sep 2017, at 11:30, [email protected] wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
>
>         Title           : Usage and (D)TLS Profiles for DNS-over-(D)TLS
>         Authors         : Sara Dickinson
>                           Daniel Kahn Gillmor
>                           Tirumaleswar Reddy
>         Filename        : draft-ietf-dprive-dtls-and-tls-profiles-11.txt
>         Pages           : 29
>         Date            : 2017-09-11
>
> Abstract:
>    This document discusses Usage Profiles, based on one or more
>    authentication mechanisms, which can be used for DNS over Transport
>    Layer Security (TLS) or Datagram TLS (DTLS).  These profiles can
>    increase the privacy of DNS transactions compared to using only clear
>    text DNS.  This document also specifies new authentication mechanisms
>    - it describes several ways a DNS client can use an authentication
>    domain name to authenticate a (D)TLS connection to a DNS server.
>    Additionally, it defines (D)TLS protocol profiles for DNS clients and
>    servers implementing DNS-over-(D)TLS.  This document updates RFC
>    7858.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-11
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dtls-and-tls-profiles-11
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dtls-and-tls-profiles-11
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
