Dear DPRIVE and DNSOP,

Here is one of the drafts referenced in my presentation(s) on Thursday.

Brian

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Tue, Nov 9, 2021 at 6:11 PM
Subject: New Version Notification for draft-dickson-dprive-adot-auth-06.txt
To: Brian Dickson <brian.peter.dick...@gmail.com>

A new version of I-D, draft-dickson-dprive-adot-auth-06.txt has been successfully submitted by Brian Dickson and posted to the IETF repository.

Name: draft-dickson-dprive-adot-auth
Revision: 06
Title: Authenticated DNS over TLS to Authoritative Servers
Document date: 2021-11-09
Group: Individual Submission
Pages: 17
URL: https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.txt
Status: https://datatracker.ietf.org/doc/draft-dickson-dprive-adot-auth/
Html: https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-dickson-dprive-adot-auth
Diff: https://www.ietf.org/rfcdiff?url2=draft-dickson-dprive-adot-auth-06

Abstract:
This Internet Draft proposes a mechanism for DNS resolvers to discover support for TLS transport to authoritative DNS servers, to validate this indication of support, and to authenticate the TLS certificates involved.

This requires that the name server _names_ are in a DNSSEC signed zone.

This also requires that the delegation of the zone served is protected by [I-D.dickson-dnsop-ds-hack], since the NS names are the keys used for discovery of TLS transport support.

Additional recommendations relate to use of various techniques for efficiency and scalability, and new EDNS options to minimize round trips and for signaling between clients and resolvers.

The IETF Secretariat