Hello, > A new version of I-D, draft-ghedini-dprive-early-data-00.txt > has been successfully submitted by Alessandro Ghedini and posted to the > IETF repository. > > Name: draft-ghedini-dprive-early-data > Revision: 00 > Title: Using Early Data in DNS over TLS > Document date: 2019-03-25 > Group: Individual Submission > Pages: 5 > URL: > https://www.ietf.org/internet-drafts/draft-ghedini-dprive-early-data-00.txt > Status: > https://datatracker.ietf.org/doc/draft-ghedini-dprive-early-data/ > Htmlized: https://tools.ietf.org/html/draft-ghedini-dprive-early-data-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-ghedini-dprive-early-data > > > Abstract: > This document illustrates the risks of using TLS 1.3 early data with > DNS over TLS, and specifies behaviors that can be adopted by clients > and servers to reduce those risks.
This is a follow-up to a discussion from over a year ago about using TLS 0-RTT for DNS over TLS connections: https://mailarchive.ietf.org/arch/msg/dns-privacy/LKZeOAj7Y4fC-9hRcbX_4KVWu0Y I've been looking for guidance about using 0-RTT for DoT, but that mailing list discussion was all I could find, and since there hasn't been any activity since I started collecting information about this into an I-D. RFC8446 also says that "Application protocols MUST NOT use 0-RTT data without a profile that defines its use" (Appendix E.5), so this is an attempt at defining that profile for DoT. Much of the wording comes from RFC8470 and the security considerations are based on the mailing list discussion mentioned above, though the I-D is far from complete. The draft is maintained on GitHub at: https://github.com/ghedo/draft-ghedini-dprive-early-data Would be interested to know what people think about this. Also sorry for the late submission, I'm in Prague this week and would be happy to talk about this in person if anyone wants. Cheers _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
