[[ Of likely interest to this WG, for the people who unsubscribed from DPRIVE ]]
A new Request for Comments is now available in online RFC libraries.
RFC 9539
Title: Unilateral Opportunistic Deployment of Encrypted
Recursive-to-Authoritative DNS
Author: D. K. Gillmor, Ed.,
J. Salazar, Ed.,
P. Hoffman, Ed.
Status: Experimental
Stream: IETF
Date: February 2024
Mailbox: d...@fifthhorseman.net,
joeyg...@gmail.com,
paul.hoff...@icann.org
Pages: 24
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-dprive-unilateral-probing-13.txt
URL: https://www.rfc-editor.org/info/rfc9539
DOI: 10.17487/RFC9539
This document sets out steps that DNS servers (recursive resolvers
and authoritative servers) can take unilaterally (without any
coordination with other peers) to defend DNS query privacy against a
passive network monitor. The protections provided by the guidance in
this document can be defeated by an active attacker, but they should
be simpler and less risky to deploy than more powerful defenses.
The goal of this document is to simplify and speed up deployment of
opportunistic encrypted transport in the recursive-to-authoritative
hop of the DNS ecosystem. Wider easy deployment of the underlying
encrypted transport on an opportunistic basis may facilitate the
future specification of stronger cryptographic protections against
more-powerful attacks.
This document is a product of the DNS PRIVate Exchange Working Group of the
IETF.
EXPERIMENTAL: This memo defines an Experimental Protocol for the
Internet community. It does not specify an Internet standard of any
kind. Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
