Hi all,

Based on the feedback received at IETF-104, we have updated the draft https://tools.ietf.org/html/draft-reddy-dprive-bootstrap-dns-server-03. Comments, suggestions, and questions are more than welcome.

As a reminder, the draft discusses a procedure to automatically bootstrap endpoints to discover and authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a local network. Major updates are:

1. Removed the use of Explicit Trust Anchor.
2. Updated the PAKE scheme.
3. Added EST server discovery procedure.
4. A new privacy certificate extension is defined that identifies the privacy preserving data policy of the DNS server.
5. Configuring authentication domain name (ADN) and associating the DNS server certificate (similar to PKIX-EE(1) defined in DANE).

Cheers,
-Tiru

From: <[email protected]>
Date: Tue, 7 May 2019 at 20:27
Subject: New Version Notification for draft-reddy-dprive-bootstrap-dns-server-03.txt
To: Mohamed Boucadair <[email protected]>, Tirumaleswar Reddy <[email protected]>, Dan Wing <[email protected]>, Michael C. Richardson <[email protected]>

A new version of I-D, draft-reddy-dprive-bootstrap-dns-server-03.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name: draft-reddy-dprive-bootstrap-dns-server
Revision: 03
Title: A Bootstrapping Procedure to Discover and Authenticate DNS-over-(D)TLS and DNS-over-HTTPS Servers
Document date: 2019-05-07
Group: Individual Submission
Pages: 21
URL: https://www.ietf.org/internet-drafts/draft-reddy-dprive-bootstrap-dns-server-03.txt
Status: https://datatracker.ietf.org/doc/draft-reddy-dprive-bootstrap-dns-server/
Htmlized: https://tools.ietf.org/html/draft-reddy-dprive-bootstrap-dns-server-03
Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-dprive-bootstrap-dns-server
Diff: https://www.ietf.org/rfcdiff?url2=draft-reddy-dprive-bootstrap-dns-server-03

Abstract: This document specifies mechanisms to automatically bootstrap endpoints (e.g., hosts, Customer Equipment) to discover and authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a local network.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
