[[ Of likely interest to this WG, for the people who unsubscribed from DPRIVE ]]
A new Request for Comments is now available in online RFC libraries. RFC 9539 Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS Author: D. K. Gillmor, Ed., J. Salazar, Ed., P. Hoffman, Ed. Status: Experimental Stream: IETF Date: February 2024 Mailbox: d...@fifthhorseman.net, joeyg...@gmail.com, paul.hoff...@icann.org Pages: 24 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-dprive-unilateral-probing-13.txt URL: https://www.rfc-editor.org/info/rfc9539 DOI: 10.17487/RFC9539 This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The protections provided by the guidance in this document can be defeated by an active attacker, but they should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed up deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying encrypted transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more-powerful attacks. This document is a product of the DNS PRIVate Exchange Working Group of the IETF. EXPERIMENTAL: This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop