Follow-up: I forgot to mention that this document also provides a possible solution for DNS data confidentiality (for IPv6-enabled networks) to protect users' privacy in a very simple step. It does not need TLS for doing this, as other drafts on the mailing list do. Please take a look and comment on it.

Hosnieh

> A new version of I-D, draft-rafiee-intarea-cga-tsig-07.txt
> has been successfully submitted by Hosnieh Rafiee and posted to the IETF
> repository.
>
> Name: draft-rafiee-intarea-cga-tsig
> Revision: 07
> Title: Secure DNS Authentication using CGA/SSAS Algorithm in IPv6
> Document date: 2014-02-15
> Group: Individual Submission
> Pages: 26
> URL: http://www.ietf.org/internet-drafts/draft-rafiee-intarea-cga-tsig-07.txt
> Status: https://datatracker.ietf.org/doc/draft-rafiee-intarea-cga-tsig/
> Htmlized: http://tools.ietf.org/html/draft-rafiee-intarea-cga-tsig-07
> Diff: http://www.ietf.org/rfcdiff?url2=draft-rafiee-intarea-cga-tsig-07
>
> Abstract:
> This document describes a new mechanism that can be used to reduce
> the need for human intervention during DNS authentication and secure
> DNS authentication in various scenarios such as the DNS
> authentication of resolvers to stub resolvers, authentication during
> zone transfers, authentication of root DNS servers to recursive DNS
> servers, and authentication during the FQDN (RFC 4703) update.
>
> Especially in the last scenario, i.e., FQDN, if the node uses the
> Neighbor Discovery Protocol (NDP) (RFC 4861, RFC 4862), unlike the
> Dynamic Host Configuration Protocol (DHCP) (RFC 3315), the node has
> no way of updating his FQDN records on the DNS and has no means for a
> secure authentication with the DNS server. While this is a major
> problem in NDP-enabled networks, this is a minor problem in DHCPv6.
> This is because the DHCP server updates the FQDN records on behalf of
> the nodes on the network. This document also introduces a possible
> algorithm for DNS data confidentiality.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
