Hi All,

This update hopefully addresses the two DISCUSS positions raised in the IESG 
review, and also all the comments made there. The main changes are:

* Add section 8.1 on the requirement to use the DoT ALPN
* Modify one of the options for validation of a client from just an IP ACL to a 
combination of
  IP ACL and TSIG/SIG(0)
* Update Abstract and Introduction with clear descriptions of how earlier 
specifications are updated
* Add reference for NSEC3 attacks
* Justify use of SHOULD in sections 7.3.2 and 7.3.3.
* Clarify the Appendix is non-normative
* Numerous typos and editorial improvements.
* Use xml2rfc v3 (some format changes occur as a result)

Best regards

Sara.

> On 27 May 2021, at 09:32, [email protected] wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
> 
>        Title           : DNS Zone Transfer-over-TLS
>        Authors         : Willem Toorop
>                          Sara Dickinson
>                          Shivan Sahib
>                          Pallavi Aras
>                          Allison Mankin
>       Filename        : draft-ietf-dprive-xfr-over-tls-12.txt
>       Pages           : 42
>       Date            : 2021-05-27
> 
> Abstract:
>   DNS zone transfers are transmitted in clear text, which gives
>   attackers the opportunity to collect the content of a zone by
>   eavesdropping on network connections.  The DNS Transaction Signature
>   (TSIG) mechanism is specified to restrict direct zone transfer to
>   authorized clients only, but it does not add confidentiality.  This
>   document specifies the use of TLS, rather than clear text, to prevent
>   zone content collection via passive monitoring of zone transfers:
>   XFR-over-TLS (XoT).  Additionally, this specification updates RFC1995
>   and RFC5936 with respect to efficient use of TCP connections, and
>   RFC7766 with respect to the recommended number of connections between
>   a client and server for each transport.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-12
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-12
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy

Reply via email to