Hello DNS privacy people, please find below all details about our proposal for enabling DoT from resolver to authoritative.
This work is based on Manu Bretelle's presentation in Prague over a year ago, after which we spent a lot of time figuring out how to squeeze the DoT signal and key pin into the constraints of DNSKEY/DS records. We have some running code (linked in the draft) to show feasibility of the approach.

The draft is managed on GitHub in .md format at https://github.com/PowerDNS/parent-signals-dot/tree/master/draft-vandijk-dprive-ds-dot-signal-and-pin

Looking forward to your comments,
Peter, Manu & Robin

-------- Forwarded Message --------
From: internet-dra...@ietf.org
To: Peter van Dijk <peter.van.d...@powerdns.com>, Emmanuel Bretelle <chan...@fb.com>, Robin Geuze <rob...@transip.nl>
Subject: [EXT] New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt
Date: Tue, 19 May 2020 02:18:23 -0700

A new version of I-D, draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt has been successfully submitted by Peter van Dijk and posted to the IETF repository.

Name: draft-vandijk-dprive-ds-dot-signal-and-pin
Revision: 00
Title: Signalling Authoritative DoT support in DS records, with key pinning
Document date: 2020-05-19
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/internet-drafts/draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt
Status: https://datatracker.ietf.org/doc/draft-vandijk-dprive-ds-dot-signal-and-pin/
Htmlized: https://tools.ietf.org/html/draft-vandijk-dprive-ds-dot-signal-and-pin-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-vandijk-dprive-ds-dot-signal-and-pin

Abstract:
This document specifies a way to signal the usage of DoT, and the pinned keys for that DoT usage, in authoritative servers. This signal lives on the parent side of delegations, in DS records. To ensure easy deployment, the signal is defined in terms of (C)DNSKEY.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat