On Mon, Mar 11, 2019 at 12:21 PM manu tman <chan...@gmail.com> wrote:
> Hi all,
>
> I have captured in a draft the mechanism I used during IETF 103 hackathon
> and which is available as an experimental module in knot-resolver[0]. I was
> taken short with time before cut-off date, but I hope this will better
> explain how it works.
>
> Manu
>
> [0]
> https://gitlab.labs.nic.cz/knot/knot-resolver/tree/master/modules/experimental_dot_auth
>
> ———
>
> > A new version of I-D, draft-bretelle-dprive-dot-spki-in-ns-name-00.txt
> > has been successfully submitted by Emmanuel Bretelle and posted to the
> > IETF repository.
> >
> > Name: draft-bretelle-dprive-dot-spki-in-ns-name
> > Revision: 00
> > Title: Encoding DNS-over-TLS (DoT) Subject Public Key Info (SPKI) in Name Server name
> > Document date: 2019-03-11
> > Group: Individual Submission
> > Pages: 7
> > URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_internet-2Ddrafts_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname-2D00.txt&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=9TmF-DXxE_0nJ6WyhRNoNSiya3N7h_pVwyRn4qIfD7U&e=
> > Status: https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname_&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=5eZd00_oyy5t1SFYXYCMfv1fSl22SudK5I3pkCozKFs&e=
> > Htmlized: https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname-2D00&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=ZTRurE9sjAPDCKcx8dBXgYPs0dE9LmmJ194vl04cn3Q&e=
> > Htmlized: https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=H0At0r1sQEdFc1snO7kIVALaFf-F1zRRHGPf3aUqkk4&e=
> >
> > Abstract:
> > This document describes a mechanism to exchange the Subject Public
> > Key Info (SPKI) ([RFC5280] Section 4.1.2.7) fingerprint associated
> > with a DNS-over-TLS (DoT [RFC7858]) authoritative server by encoding
> > it as part of its name. The fingerprint can thereafter be used to
> > validate the certificate received from the DoT server as well as
> > being able to discover support for DoT on the server.

6. IANA Considerations
"TODO: This document requires IANA actions (new RR type)."

What new RR type is needed? Looks to me like all standard RR's.

--
Bob Harold
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy