Hi all,

We published https://tools.ietf.org/html/draft-reddy-dprive-dprive-privacy-policy-01 <https://tools.ietf.org/html/draft-reddy-dprive-dprive-privacy-policy-00> that discusses a mechanism for the DNS server to communicate its cryptographically signed privacy policy information to a DNS client. By evaluating the DNS privacy policy and the signatory, the DNS client can choose to select or avoid a DoT/DoH server if it doesn't comply with the client's privacy expectations.

Comments, suggestions and questions are more than welcome.

Cheers,
-Tiru

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Fri, 25 Oct 2019 at 14:06
Subject: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-01.txt
To: Tirumaleswar Reddy <kond...@gmail.com>, Dan Wing <dwing-i...@fuggles.com>, Michael C. Richardson <mcr+i...@sandelman.ca>

A new version of I-D, draft-reddy-dprive-dprive-privacy-policy-01.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:           draft-reddy-dprive-dprive-privacy-policy
Revision:       01
Title:          DNS server privacy policy with assertion token
Document date:  2019-10-25
Group:          Individual Submission
Pages:          25
URL:            https://www.ietf.org/internet-drafts/draft-reddy-dprive-dprive-privacy-policy-01.txt
Status:         https://datatracker.ietf.org/doc/draft-reddy-dprive-dprive-privacy-policy/
Htmlized:       https://tools.ietf.org/html/draft-reddy-dprive-dprive-privacy-policy-01
Htmlized:       https://datatracker.ietf.org/doc/html/draft-reddy-dprive-dprive-privacy-policy
Diff:           https://www.ietf.org/rfcdiff?url2=draft-reddy-dprive-dprive-privacy-policy-01

Abstract:
   Users want to control how their DNS queries are handled by DNS
   servers so they can configure their system to use DNS servers that
   comply with their privacy expectations. This document defines a
   mechanism for a DNS server to communicate its privacy policy to a
   DNS client. This communication is cryptographically signed to attest
   to its authenticity. By evaluating the DNS privacy policy and the
   signatory, the DNS client can choose a DNS server that best supports
   its desired privacy policies. The privacy assertion token is
   particularly useful for DNS-over-TLS and DNS-over-HTTPS servers,
   both public resolvers and those discovered on the local network.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop