The IESG has received a request from the DNS PRIVate Exchange WG (dprive) to consider the following document: - 'DNS Zone Transfer-over-TLS' <draft-ietf-dprive-xfr-over-tls-09.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2021-04-20. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc6973: Privacy Considerations for Internet Protocols (Informational - Internet Architecture Board (IAB)) draft-ietf-dprive-rfc7626-bis: DNS Privacy Considerations (None - Internet Engineering Task Force (IETF)) rfc7626: DNS Privacy Considerations (Informational - Internet Engineering Task Force (IETF)) _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
