Hi All, 

A new draft has been submitted that outlines the basics of a DSO-based
mechanism for zone transfers requiring TLS.

There is much more work to do on the details and potentially additional 
messaging to define but hopefully this includes information to get some initial 
feedback on this proposal.

Best regards

Sara. 

> On 8 Jul 2019, at 18:45, [email protected] wrote:
> 
> 
> A new version of I-D, draft-zatda-dprive-xfr-using-dso-00.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
> 
> Name:           draft-zatda-dprive-xfr-using-dso
> Revision:       00
> Title:          DNS Zone Transfer using DNS Stateful Operations
> Document date:  2019-07-08
> Group:          Individual Submission
> Pages:          21
> URL:            https://www.ietf.org/internet-drafts/draft-zatda-dprive-xfr-using-dso-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-zatda-dprive-xfr-using-dso/
> Htmlized:       https://tools.ietf.org/html/draft-zatda-dprive-xfr-using-dso-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-zatda-dprive-xfr-using-dso
> 
> 
> Abstract:
>   DNS zone transfers are transmitted in clear text, which gives
>   attackers the opportunity to collect the content of a zone by
>   eavesdropping on network connections.  This document specifies use of
>   DNS Stateful Operations to enable a subscribe/publish mechanism for
>   zone transfers reducing the overhead introduced by NOTIFY/SOA
>   interactions prior to zone transfer request.  This additionally
>   prevents zone contents collection via passive monitoring of zone
>   transfers by restricting XFR using DSO to require TLS.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
