Greetings again. You probably just saw the announcement of draft-ietf-dprive-opportunistic-adotq-01. After the discussion on the list about us having to make the opportunistic draft track the (unpublished) fully-authenticated draft, Peter and I decided it would be easier for the WG to keep both ideas in their heads by making a single draft that covers both opportunistic and fully-authenticated ADoT.
Thus, the new draft is titled "Recursive to Authoritative DNS with Encryption" because it covers both use cases and the process for both types of resolvers. (Clearly, we should change the draft's filename after the draft submission window opens again in two weeks.) We tried hard to make the protocol description as short as possible by not repeating steps that are the same for all resolvers, but also to clearly differentiate when something is different. The changes are so massive that the diff is useless; you have to read this as a new document.

This is just a first attempt at a combined-use-case document. There are certainly holes, and probably places where people will want to change the protocol for their preferred use case. (Of course, if people hate the idea of a single document, we can do another version of this that just covers the opportunistic use case, and proponents of the fully-authenticated use case can use it as a template for their work.)

One obvious set of changes we will ask the WG about is adding DoQ throughout. In our structuring of the new document, we don't think that will be too disruptive.

Please review and comment. Please remember that this is a very early version and is not meant to be complete now, but we will certainly want it to be so over the course of many months.

--Paul Hoffman
dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
