Hi Christian, All good points. I implemented the changes that you can track here<https://github.com/boucadair/draft-boucadair-opsawg-add-encrypted-dns/commit/0628069958e8698b42229859cf3aabedb68bedd0> (or the full diff<https://www.ietf.org/rfcdiff?url1=draft-boucadair-opsawg-add-encrypted-dns&url2=https://raw.githubusercontent.com/boucadair/draft-boucadair-opsawg-add-encrypted-dns/master/draft-boucadair-opsawg-add-encrypted-dns.txt>).
Thank you. Cheers, Med De : JACQUENET Christian INNOV/NET Envoyé : vendredi 16 septembre 2022 09:26 À : [email protected]<mailto:[email protected]> Objet : RE: 🔔 CALL FOR ADOPTION: RADIUS Extensions for Encrypted DNS Hello ops, I too have read the draft and find the RADIUS extension useful. I therefore support its adoption by ops. A few additional (minor) comments from my side: * Introduction: * I would suggest to put the examples of mechanisms (DHCP, RA) right after “mechanisms” * Also, besides Dirk’s correction below, I would suggest s/server(s)/servers * I would delete “To fill that void” · Page 3: o “The same procedure…” reads a bit strange. Would suggest: “The same procedure is followed by terminals that embed DHCPv6 clients that communicate with the DHCPv6 server embedded in the CPE.” o s/Upon change of the any…/Should any encrypted DNS-related information (e.g., AND, IPv6 address) change… o s/Attributed/attribute o s/accepted/received (I don’t think a NAS *accepts* a message per se o s/…to cause the DHCPv6 client…/…which leads the DHCPv6 client Cheers, Christian. Orange Restricted De : OPSAWG <[email protected]<mailto:[email protected]>> De la part de [email protected]<mailto:[email protected]> Envoyé : jeudi 15 septembre 2022 17:04 À : [email protected]<mailto:[email protected]> Objet : Re: [OPSAWG] 🔔 CALL FOR ADOPTION: RADIUS Extensions for Encrypted DNS Dear WG, I have read the draft and find it useful for the foreseen applications of secure broadband access control. I support adoption and would mention some nits or clarification of the issues below: p.2: DNS Recursive DNS server(s)=> DNS Recursive name server(s)[?] p.4: DNS-related information (e.g., ADN, => DNS-related information (e.g., ADN(Authentication Domain Name), RADIUS CoA message => RADIUS CoA (Change-of-Authorization) message Attributed to the NAS => Attribute to the NAS p.9: … use the format defined in [RFC6929<https://datatracker.ietf.org/doc/html/rfc6929>]. [I wonder whether reference to RFC2865 would be more appropriate here since no Extended-Type field is needed, if I understood it correctly?] p.10: TLV is identified as 241.TBA1.TBA5 as part of the IPv4-Encrypted-DNS Attribute => TLV is identified as 241.TBA2.TBA5 as part of the IPv4-Encrypted-DNS Attribute p.13: I wonder whether in IANA section the proposed new RADIUS TLVs are not denoted as TBA3 – TBA7 as mentioned in the corresponding sub-sections, but by 1 – 5? Thanks! Best regards Dirk From: OPSAWG <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> on behalf of Joe Clarke (jclarke) <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> Date: Wednesday, September 14, 2022 at 10:28 To: [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> Subject: [OPSAWG] 🔔 CALL FOR ADOPTION: RADIUS Extensions for Encrypted DNS Hello, WG. I like Henk’s subject icon. Makes for some attention-grabbing. This work has been discussed previously in opsawg, going back over a year. The authors have continued to progress the work and would like to gauge WG interest in adopting it. One might ask, why opsawg? The radext WG has been concluded, but, like IPFIX, there is interest in continuing to produce extensions for RADIUS. It was suggested by Benjamin Kaduk that opsawg was a potential fit for this work. Therefore, this kicks off a two-week CfA for https://datatracker.ietf.org/doc/draft-boucadair-opsawg-add-encrypted-dns/. Please comment on-list with support and/or discussion of the work. Thanks. Joe _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
