Hello,

> A new version of I-D, draft-ghedini-dprive-early-data-00.txt
> has been successfully submitted by Alessandro Ghedini and posted to the
> IETF repository.
> 
> Name:           draft-ghedini-dprive-early-data
> Revision:       00
> Title:          Using Early Data in DNS over TLS
> Document date:  2019-03-25
> Group:          Individual Submission
> Pages:          5
> URL:            https://www.ietf.org/internet-drafts/draft-ghedini-dprive-early-data-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-ghedini-dprive-early-data/
> Htmlized:       https://tools.ietf.org/html/draft-ghedini-dprive-early-data-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ghedini-dprive-early-data
> 
> 
> Abstract:
>    This document illustrates the risks of using TLS 1.3 early data with
>    DNS over TLS, and specifies behaviors that can be adopted by clients
>    and servers to reduce those risks.

This is a follow-up to a discussion from over a year ago about using TLS 0-RTT
for DNS over TLS connections:
https://mailarchive.ietf.org/arch/msg/dns-privacy/LKZeOAj7Y4fC-9hRcbX_4KVWu0Y

I've been looking for guidance about using 0-RTT for DoT, but that mailing list
discussion was all I could find, and since there hasn't been any activity since
then, I started collecting information about this into an I-D.

RFC8446 also says that "Application protocols MUST NOT use 0-RTT data without
a profile that defines its use" (Appendix E.5), so this is an attempt at
defining that profile for DoT.

Much of the wording comes from RFC8470 and the security considerations are based
on the mailing list discussion mentioned above, though the I-D is far from
complete.

The draft is maintained on GitHub at:
https://github.com/ghedo/draft-ghedini-dprive-early-data

I'd be interested to know what people think about this. Also, sorry for the
late submission; I'm in Prague this week and would be happy to talk about this
in person if anyone wants.

Cheers

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy