Hi All,

This update hopefully addresses the two DISCUSS positions raised in the IESG review, and also all the comments made there. The main changes are:

* Add section 8.1 on the requirement to use the DoT ALPN
* Modify one of the options for validation of a client from just an IP ACL to a combination of IP ACL and TSIG/SIG(0)
* Update Abstract and Introduction with clear descriptions of how earlier specifications are updated
* Add reference for NSEC3 attacks
* Justify use of SHOULD in sections 7.3.2 and 7.3.3.
* Clarify the Appendix is non-normative
* Numerous typos and editorial improvements.
* Use xml2rfc v3 (some format changes occur as a result)

Best regards

Sara.

> On 27 May 2021, at 09:32, [email protected] wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
>
>         Title           : DNS Zone Transfer-over-TLS
>         Authors         : Willem Toorop
>                           Sara Dickinson
>                           Shivan Sahib
>                           Pallavi Aras
>                           Allison Mankin
>         Filename        : draft-ietf-dprive-xfr-over-tls-12.txt
>         Pages           : 42
>         Date            : 2021-05-27
>
> Abstract:
>    DNS zone transfers are transmitted in clear text, which gives
>    attackers the opportunity to collect the content of a zone by
>    eavesdropping on network connections. The DNS Transaction Signature
>    (TSIG) mechanism is specified to restrict direct zone transfer to
>    authorized clients only, but it does not add confidentiality. This
>    document specifies the use of TLS, rather than clear text, to prevent
>    zone content collection via passive monitoring of zone transfers:
>    XFR-over-TLS (XoT). Additionally, this specification updates RFC1995
>    and RFC5936 with respect to efficient use of TCP connections, and
>    RFC7766 with respect to the recommended number of connections between
>    a client and server for each transport.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-12
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-12
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy