The IESG has received a request from the DNS PRIVate Exchange WG (dprive) to consider the following document: - 'Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS' <draft-ietf-dprive-unilateral-probing-10.txt> as Experimental RFC
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2023-08-28. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/ The following IPR Declarations may be related to this I-D: https://datatracker.ietf.org/ipr/5904/ _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
