A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Interoperable Domain Name System (DNS) Server Cookies
Authors : Ondrej Sury
Willem Toorop
Donald E. Eastlake 3rd
Mark Andrews
Filename : draft-ietf-dnsop-server-cookies-04.txt
Pages : 16
Date : 2020-11-19
Abstract:
DNS Cookies, as specified in [RFC7873], are a lightweight DNS
transaction security mechanism that provide limited protection to DNS
servers and clients against a variety of denial-of-service and
amplification, forgery, or cache poisoning attacks by off-path
attackers.
This document provides precise directions for creating Server Cookies
so that an anycast server set including diverse implementations will
interoperate with standard clients.
This document updates [RFC7873] with
* suggestions for constructing Client Cookies in a privacy
preserving fashion,
* precise instructions for constructing Server Cookies deprecating
the methods described in [RFC7873], and
* suggestions on how to update a server secret.
An IANA registry listing the methods and associated pseudo random
function suitable for creating DNS Server cookies is created, with
the method described in this document as the first and as of yet only
entry.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-server-cookies/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-server-cookies-04.html
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-server-cookies-04
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
