[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-13.txt
Internet-Draft draft-ietf-dprive-unilateral-probing-13.txt is now available. It is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Name: draft-ietf-dprive-unilateral-probing-13.txt
Pages: 34
Dates: 2023-10-23
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying encrypted transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-13
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-13
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts
___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-12.txt
Internet-Draft draft-ietf-dprive-unilateral-probing-12.txt is now available. It is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Name: draft-ietf-dprive-unilateral-probing-12.txt
Pages: 33
Dates: 2023-08-31
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying encrypted transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-12
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-12
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-11.txt
Pages: 33
Date: 2023-08-08
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-11
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-11
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-10.txt
Pages: 33
Date: 2023-07-27
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-10
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-10
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-09.txt
Pages: 32
Date: 2023-07-05
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-09
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-09
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-08.txt
Pages: 31
Date: 2023-06-27
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-08
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-08
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-07.txt
Pages: 31
Date: 2023-06-05
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-07
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-07
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-06.txt
Pages: 30
Date: 2023-05-26
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-06
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-06
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-05.txt
Pages: 30
Date: 2023-03-03
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-05
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-05
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-04.txt
Pages: 30
Date: 2023-03-03
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-04
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-04
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-03.txt
Pages: 30
Date: 2023-02-16
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-03
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-03
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-02.txt
Pages: 27
Date: 2022-09-27
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-02
A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-unilateral-probing-02
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar, Paul Hoffman
Filename: draft-ietf-dprive-unilateral-probing-01.txt
Pages: 29
Date: 2022-07-11
Abstract: This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-01
A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-unilateral-probing-01
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] New Version Notification - draft-ietf-dprive-dnsoquic-12.txt
A new version (-12) has been submitted for draft-ietf-dprive-dnsoquic: https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-12.txt
The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-12
IETF Secretariat.
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-12.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: DNS over Dedicated QUIC Connections
Authors: Christian Huitema, Sara Dickinson, Allison Mankin
Filename: draft-ietf-dprive-dnsoquic-12.txt
Pages: 34
Date: 2022-04-20
Abstract: This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DNS over QUIC as a general-purpose transport for DNS and includes the use of DNS over QUIC for stub to recursive, recursive to authoritative, and zone transfer scenarios.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-12
A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-12
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] New Version Notification - draft-ietf-dprive-dnsoquic-11.txt
A new version (-11) has been submitted for draft-ietf-dprive-dnsoquic: https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-11.txt
Sub state has been changed to AD Followup from Revised ID Needed
The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-11
IETF Secretariat.
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: DNS over Dedicated QUIC Connections
Authors: Christian Huitema, Sara Dickinson, Allison Mankin
Filename: draft-ietf-dprive-dnsoquic-11.txt
Pages: 34
Date: 2022-03-21
Abstract: This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DNS over QUIC as a general-purpose transport for DNS and includes the use of DNS over QUIC for stub to recursive, recursive to authoritative, and zone transfer scenarios.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-11
A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-11
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
Authors: Daniel Kahn Gillmor, Joey Salazar
Filename: draft-ietf-dprive-unilateral-probing-00.txt
Pages: 23
Date: 2022-03-07
Abstract: This draft sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this draft can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The draft also introduces (but does not try to specify) the semantics of signalling that would permit defense against an active attacker. The goal of this draft is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-dprive-unilateral-probing-00.html
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] New Version Notification - draft-ietf-dprive-dnsoquic-10.txt
A new version (-10) has been submitted for draft-ietf-dprive-dnsoquic: https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-10.txt
The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-10
IETF Secretariat.
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: DNS over Dedicated QUIC Connections
Authors: Christian Huitema, Sara Dickinson, Allison Mankin
Filename: draft-ietf-dprive-dnsoquic-10.txt
Pages: 33
Date: 2022-02-28
Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DNS over QUIC as a general-purpose transport for DNS and includes the use of DNS over QUIC for stub to recursive, recursive to authoritative, and zone transfer scenarios.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10
A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-10
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] New Version Notification - draft-ietf-dprive-dnsoquic-09.txt
A new version (-09) has been submitted for draft-ietf-dprive-dnsoquic: https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-09.txt
Sub state has been changed to AD Followup from Revised ID Needed
The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-09
IETF Secretariat.
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
Title: DNS over Dedicated QUIC Connections
Authors: Christian Huitema, Sara Dickinson, Allison Mankin
Filename: draft-ietf-dprive-dnsoquic-09.txt
Pages: 33
Date: 2022-02-08
Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DNS over QUIC as a general-purpose transport for DNS and includes the use of DNS over QUIC for stub to recursive, recursive to authoritative, and zone transfer scenarios.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/
There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-09
A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-09
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] New Version Notification - draft-ietf-dprive-dnsoquic-08.txt
A new version (-08) has been submitted for draft-ietf-dprive-dnsoquic: https://www.ietf.org/archive/id/draft-ietf-dprive-dnsoquic-08.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-08 IETF Secretariat.
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS over Dedicated QUIC Connections Authors : Christian Huitema Sara Dickinson Allison Mankin Filename: draft-ietf-dprive-dnsoquic-08.txt Pages : 32 Date: 2022-01-11 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DNS over QUIC as a general-purpose transport for DNS and includes the use of DNS over QUIC for stub to recursive, recursive to authoritative, and zone transfer scenarios. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-08 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS over Dedicated QUIC Connections Authors : Christian Huitema Sara Dickinson Allison Mankin Filename: draft-ietf-dprive-dnsoquic-07.txt Pages : 31 Date: 2021-12-01 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-07 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS over Dedicated QUIC Connections Authors : Christian Huitema Sara Dickinson Allison Mankin Filename: draft-ietf-dprive-dnsoquic-06.txt Pages : 30 Date: 2021-10-20 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-06 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS over Dedicated QUIC Connections Authors : Christian Huitema Sara Dickinson Allison Mankin Filename: draft-ietf-dprive-dnsoquic-05.txt Pages : 29 Date: 2021-10-11 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-05 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-unauth-to-authoritative-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Unauthenticated Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-unauth-to-authoritative-04.txt Pages : 11 Date: 2021-09-28 Abstract: This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unauth-to-authoritative/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unauth-to-authoritative-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-unauth-to-authoritative-04 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Specification of DNS over Dedicated QUIC Connections Authors : Christian Huitema Sara Dickinson Allison Mankin Filename: draft-ietf-dprive-dnsoquic-04.txt Pages : 28 Date: 2021-09-03 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-04 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Specification of DNS over Dedicated QUIC Connections Authors : Christian Huitema Sara Dickinson Allison Mankin Filename: draft-ietf-dprive-dnsoquic-03.txt Pages : 22 Date: 2021-07-12 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-03 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-unauth-to-authoritative-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Unauthenticated Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-unauth-to-authoritative-03.txt Pages : 10 Date: 2021-07-12 Abstract: This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports unauthenticated encryption using the same mechanism for discovery of encryption support for the server as [FULL-AUTH]. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unauth-to-authoritative/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unauth-to-authoritative-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-unauth-to-authoritative-03 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-unauth-to-authoritative-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Unauthenticated Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-unauth-to-authoritative-02.txt Pages : 8 Date: 2021-06-16 Abstract: This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports unauthenticated encryption using the same mechanism for discovery of encryption support for the server as [FULL-AUTH]. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unauth-to-authoritative/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unauth-to-authoritative-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-unauth-to-authoritative-02 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-12.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-12.txt Pages : 42 Date: 2021-05-27 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995 and RFC5936 with respect to efficient use of TCP connections, and RFC7766 with respect to the recommended number of connections between a client and server for each transport. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-12 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-12 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-unauth-to-authoritative-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Unauthenticated Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-unauth-to-authoritative-01.txt Pages : 8 Date: 2021-05-19 Abstract: This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports unauthenticated encryption using the same mechanism for discovery of encryption support for the server as [FULL-AUTH]. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unauth-to-authoritative/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-unauth-to-authoritative-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unauth-to-authoritative-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-unauth-to-authoritative-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-11.txt Pages : 40 Date: 2021-04-20 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-11 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-10.txt Pages : 40 Date: 2021-04-20 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-10 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-unauth-to-authoritative-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Unauthenticated Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-unauth-to-authoritative-00.txt Pages : 11 Date: 2021-04-12 Abstract: This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports unauthenticated encryption using the same mechanism for discovery of encryption support for the server as [I-D.rescorla-dprive-adox-latest]. NOTE: The file name for this draft, draft-ietf-dprive-opportunistic-adotq, is now incorrect. This draft only covers unauthenticated encryption, not opportunistic encryption. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unauth-to-authoritative/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-unauth-to-authoritative-00 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unauth-to-authoritative-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-09.txt Pages : 39 Date: 2021-04-06 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-09 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-09 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-09 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-opportunistic-adotq-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Unauthenticated Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-opportunistic-adotq-02.txt Pages : 10 Date: 2021-04-01 Abstract: This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports unauthenticated encryption using the same mechanism for discovery of encryption support for the server as [I-D.rescorla-dprive-adox-latest]. NOTE: The file name for this draft, draft-ietf-dprive-opportunistic-adotq, is now incorrect. This draft only covers unauthenticated encryption, not opportunistic encryption. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-opportunistic-adotq/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-opportunistic-adotq-02 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-opportunistic-adotq-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-opportunistic-adotq-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Author : Tim Wicinski Filename: draft-ietf-dprive-rfc7626-bis-09.txt Pages : 30 Date: 2021-03-09 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It provides general observations about typical current privacy practices. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-09 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-09 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-09 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] New Version Notification - draft-ietf-dprive-rfc7626-bis-09.txt
A new version (-09) has been submitted for draft-ietf-dprive-rfc7626-bis: https://www.ietf.org/archive/id/draft-ietf-dprive-rfc7626-bis-09.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-09 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat.
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-08.txt Pages : 39 Date: 2021-03-08 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-08 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-opportunistic-adotq-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-opportunistic-adotq-01.txt Pages : 9 Date: 2021-02-22 Abstract: This document describes a use case and a method for a DNS recursive resolver to use either opportunistic encryption (that is, encryption with optional authentication) or fully-authenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, some resolver operators will only want to offer fully-authenticated encryption when encryption is available, and some resolver operators believe that opportunistic encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports both fully-authenticated encryption and opportunistic encryption using the same mechanism for discovery of encryption support and discovery of authenticated public keys for the server. IMPORTANT NOTE: This version of the document is completely different than the earlier version. It now covers both opportunistic and fully-authenticated encryption. It is in a very rough state, and there are many holes in the description. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-opportunistic-adotq/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-opportunistic-adotq-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-opportunistic-adotq-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-opportunistic-adotq-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Specification of DNS over Dedicated QUIC Connections Authors : Christian Huitema Allison Mankin Sara Dickinson Filename: draft-ietf-dprive-dnsoquic-02.txt Pages : 23 Date: 2021-02-22 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-02 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-07.txt Pages : 39 Date: 2021-02-16 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-07 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-opportunistic-adotq-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recursive to Authoritative DNS with Opportunistic Encryption Authors : Paul Hoffman Peter van Dijk Filename: draft-ietf-dprive-opportunistic-adotq-00.txt Pages : 10 Date: 2021-02-14 Abstract: This document describes a use case and a method for a DNS recursive resolver to use opportunistic encryption (that is, encryption with optional authentication) when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and opportunistic encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. Nothing in this method prevents use cases and methods that require authenticated encryption. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-opportunistic-adotq/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-opportunistic-adotq-00 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-opportunistic-adotq-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-06.txt Pages : 39 Date: 2021-02-11 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-06 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-05.txt Pages : 37 Date: 2021-01-20 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-05 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-04.txt Pages : 37 Date: 2020-11-23 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-04 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-phase2-requirements-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Requirements for Exchanges between Recursive Resolvers and Authoritative Servers Authors : Jason Livingood Alexander Mayrhofer Benno Overeinder Filename: draft-ietf-dprive-phase2-requirements-02.txt Pages : 10 Date: 2020-11-02 Abstract: This document describes requirements and considerations for adding confidentiality to DNS exchanges between recursive resolvers and authoritative servers. The intent of this document is to guide Internet Drafts in the DNS Private Exchange (DPRIVE) Working Group pertaining to recursive to authorized name servers, with the stated requirements and considerations. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-phase2-requirements/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-phase2-requirements-02 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-phase2-requirements-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-phase2-requirements-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-03.txt Pages : 37 Date: 2020-11-02 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-03 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Specification of DNS over Dedicated QUIC Connections Authors : Christian Huitema Allison Mankin Sara Dickinson Filename: draft-ietf-dprive-dnsoquic-01.txt Pages : 20 Date: 2020-10-20 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsoquic-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] New Version Notification - draft-ietf-dprive-rfc7626-bis-08.txt
A new version (-08) has been submitted for draft-ietf-dprive-rfc7626-bis: https://www.ietf.org/archive/id/draft-ietf-dprive-rfc7626-bis-08.txt The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-08 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat. ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Author : Tim Wicinski Filename: draft-ietf-dprive-rfc7626-bis-08.txt Pages : 29 Date: 2020-10-16 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-08 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Author : Tim Wicinski Filename: draft-ietf-dprive-rfc7626-bis-07.txt Pages : 29 Date: 2020-10-08 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-07 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] New Version Notification - draft-ietf-dprive-rfc7626-bis-07.txt
A new version (-07) has been submitted for draft-ietf-dprive-rfc7626-bis: https://www.ietf.org/id/draft-ietf-dprive-rfc7626-bis-07.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-07 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat. ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] New Version Notification - draft-ietf-dprive-rfc7626-bis-06.txt
A new version (-06) has been submitted for draft-ietf-dprive-rfc7626-bis: https://www.ietf.org/id/draft-ietf-dprive-rfc7626-bis-06.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-06 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat. ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Author : Tim Wicinski Filename: draft-ietf-dprive-rfc7626-bis-06.txt Pages : 29 Date: 2020-09-23 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-06 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-02.txt Pages : 27 Date: 2020-07-13 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies use of TLS, rather than clear text, to prevent zone contents collection via passive monitoring of zone transfers. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-02 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-14.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-14.txt Pages : 44 Date: 2020-07-12 Abstract: This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a non-normative framework to assist writers of a Recursive operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-14 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-14 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-14 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-13.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-13.txt Pages : 44 Date: 2020-07-10 Abstract: This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a non-normative framework to assist writers of a Recursive operator Privacy statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-13 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-13 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-13 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-12.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-12.txt Pages : 44 Date: 2020-07-06 Abstract: This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a non-normative framework to assist writers of a Recursive operator Privacy statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-12 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-12 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-12 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-11.txt Pages : 44 Date: 2020-07-02 Abstract: This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a non-normative framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-11 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-10.txt Pages : 44 Date: 2020-06-18 Abstract: This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a non-normative framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-10 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-phase2-requirements-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Requirements for Exchanges between Recursive Resolvers and Authoritative Servers Authors : Jason Livingood Alexander Mayrhofer Benno Overeinder Filename: draft-ietf-dprive-phase2-requirements-01.txt Pages : 10 Date: 2020-06-16 Abstract: This document provides requirements for adding confidentiality to DNS exchanges between recursive resolvers and authoritative servers. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-phase2-requirements/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-phase2-requirements-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-phase2-requirements-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-phase2-requirements-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Han Zhang Pallavi Aras Willem Toorop Sara Dickinson Allison Mankin Filename: draft-ietf-dprive-xfr-over-tls-01.txt Pages : 19 Date: 2020-05-20 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies use of DNS-over-TLS to prevent zone contents collection via passive monitoring of zone transfers. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-09.txt Pages : 43 Date: 2020-05-04 Abstract: This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-09 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-09 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-09 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] New Version Notification - draft-ietf-dprive-rfc7626-bis-05.txt
A new version (-05) has been submitted for draft-ietf-dprive-rfc7626-bis: https://www.ietf.org/internet-drafts/draft-ietf-dprive-rfc7626-bis-05.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-05 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat. ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Authors : Stephane Bortzmeyer Sara Dickinson Filename: draft-ietf-dprive-rfc7626-bis-05.txt Pages : 29 Date: 2020-05-04 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-05 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-dnsoquic-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Specification of DNS over Dedicated QUIC Connections Authors : Christian Huitema Allison Mankin Sara Dickinson Filename: draft-ietf-dprive-dnsoquic-00.txt Pages : 20 Date: 2020-04-27 Abstract: This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-00 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-early-data-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Using Early Data in DNS over TLS Author : Alessandro Ghedini Filename: draft-ietf-dprive-early-data-00.txt Pages : 6 Date: 2020-04-22 Abstract: This document illustrates the risks of using TLS 1.3 early data with DNS over TLS, and specifies behaviors that can be adopted by clients and servers to reduce those risks. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-early-data/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-early-data-00 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-early-data-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-08.txt Pages : 43 Date: 2020-01-24 Abstract: This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-08 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Authors : Stephane Bortzmeyer Sara Dickinson Filename: draft-ietf-dprive-rfc7626-bis-04.txt Pages : 28 Date: 2020-01-16 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-04 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] New Version Notification - draft-ietf-dprive-rfc7626-bis-04.txt
A new version (-04) has been submitted for draft-ietf-dprive-rfc7626-bis: https://www.ietf.org/internet-drafts/draft-ietf-dprive-rfc7626-bis-04.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-04 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat. ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-07.txt Pages : 42 Date: 2019-12-19 Abstract: This document presents operational, policy and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-07 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-phase2-requirements-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Requirements for Exchanges between Recursive Resolvers and Authoritative Servers Authors : Jason Livingood Alexander Mayrhofer Benno Overeinder Filename: draft-ietf-dprive-phase2-requirements-00.txt Pages : 10 Date: 2019-12-14 Abstract: This document provides requirements for adding confidentiality to DNS exchanges between recursive resolvers and authoritative servers. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-phase2-requirements/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-phase2-requirements-00 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-phase2-requirements-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] New Version Notification - draft-ietf-dprive-rfc7626-bis-03.txt
A new version (-03) has been submitted for draft-ietf-dprive-rfc7626-bis: https://www.ietf.org/internet-drafts/draft-ietf-dprive-rfc7626-bis-03.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-03 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat. ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Authors : Stephane Bortzmeyer Sara Dickinson Filename: draft-ietf-dprive-rfc7626-bis-03.txt Pages : 28 Date: 2019-11-18 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-03 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-06.txt Pages : 41 Date: 2019-11-18 Abstract: This document presents operational, policy and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-06 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-05.txt Pages : 40 Date: 2019-10-31 Abstract: This document presents operational, policy and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-05 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Authors : Stephane Bortzmeyer Sara Dickinson Filename: draft-ietf-dprive-rfc7626-bis-02.txt Pages : 27 Date: 2019-10-16 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-02 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-04.txt Pages : 41 Date: 2019-10-04 Abstract: This document presents operational, policy and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-04 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Authors : Stephane Bortzmeyer Sara Dickinson Filename: draft-ietf-dprive-rfc7626-bis-01.txt Pages : 27 Date: 2019-09-27 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-rfc7626-bis-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-rfc7626-bis-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Authors : Stephane Bortzmeyer Sara Dickinson Filename: draft-ietf-dprive-rfc7626-bis-00.txt Pages : 23 Date: 2019-07-08 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-00 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-rfc7626-bis-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-03.txt Pages : 35 Date: 2019-07-08 Abstract: This document presents operational, policy and security considerations for DNS operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of DNS Privacy Policy and Practices Statements (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in [RFC6841]). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-03 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-02.txt Pages : 34 Date: 2019-03-11 Abstract: This document presents operational, policy and security considerations for DNS operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of DNS Privacy Policy and Practices Statements (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in [RFC6841]). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-02 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-bortzmeyer-dprive-rfc7626-bis-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Privacy Considerations Authors : Stephane Bortzmeyer Sara Dickinson Filename: draft-bortzmeyer-dprive-rfc7626-bis-02.txt Pages : 23 Date: 2019-01-15 Abstract: This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-bortzmeyer-dprive-rfc7626-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-bortzmeyer-dprive-rfc7626-bis-02 https://datatracker.ietf.org/doc/html/draft-bortzmeyer-dprive-rfc7626-bis-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-bortzmeyer-dprive-rfc7626-bis-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-bcp-op-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Recommendations for DNS Privacy Service Operators Authors : Sara Dickinson Benno J. Overeinder Roland M. van Rijswijk-Deij Allison Mankin Filename: draft-ietf-dprive-bcp-op-01.txt Pages : 33 Date: 2018-12-18 Abstract: This document presents operational, policy and security considerations for DNS operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of DNS Privacy Policy and Practices Statements (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in [RFC6841]). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-bcp-op-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-bcp-op-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-padding-policy-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Padding Policy for EDNS(0) Author : Alexander Mayrhofer Filename: draft-ietf-dprive-padding-policy-06.txt Pages : 10 Date: 2018-07-19 Abstract: RFC 7830 specifies the EDNS(0) 'Padding' option, but does not specify the actual padding length for specific applications. This memo lists the possible options ("Padding Policies"), discusses implications of each of these options, and provides a recommended (experimental) option. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-06 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-padding-policy-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] New Version Notification - draft-ietf-dprive-padding-policy-06.txt
A new version (-06) has been submitted for draft-ietf-dprive-padding-policy: https://www.ietf.org/internet-drafts/draft-ietf-dprive-padding-policy-06.txt Sub state has been changed to AD Followup from Revised ID Needed The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-06 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat.
[dns-privacy] New Version Notification - draft-ietf-dprive-padding-policy-05.txt
A new version (-05) has been submitted for draft-ietf-dprive-padding-policy: https://www.ietf.org/internet-drafts/draft-ietf-dprive-padding-policy-05.txt The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/ Diff from previous version: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-05 Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org. IETF Secretariat.
[dns-privacy] I-D Action: draft-ietf-dprive-padding-policy-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Padding Policy for EDNS(0) Author : Alexander Mayrhofer Filename: draft-ietf-dprive-padding-policy-05.txt Pages : 10 Date: 2018-04-13 Abstract: RFC 7830 specifies the EDNS(0) 'Padding' option, but does not specify the actual padding length for specific applications. This memo lists the possible options ("Padding Policies"), discusses implications of each of these options, and provides a recommended (experimental) option. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-05 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-padding-policy-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-padding-policy-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Padding Policy for EDNS(0) Author : Alexander Mayrhofer Filename: draft-ietf-dprive-padding-policy-03.txt Pages : 9 Date: 2018-01-17 Abstract: RFC 7830 specifies the EDNS(0) 'Padding' option, but does not specify the actual padding length for specific applications. This memo lists the possible options ("Padding Policies"), discusses implications of each of these options, and provides a recommended (experimental) option. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-03 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-padding-policy-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-padding-policy-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Padding Policy for EDNS(0) Author : Alexander Mayrhofer Filename: draft-ietf-dprive-padding-policy-02.txt Pages : 8 Date: 2017-09-28 Abstract: RFC 7830 specifies the EDNS0 'Padding' option, but does not specify the actual padding length for specific applications. This memo lists the possible options ("Padding Policies"), discusses the implications of each of these options, and provides a recommended (experimental) option. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-02 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-padding-policy-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dtls-and-tls-profiles-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : Usage and (D)TLS Profiles for DNS-over-(D)TLS Authors : Sara Dickinson Daniel Kahn Gillmor Tirumaleswar Reddy Filename: draft-ietf-dprive-dtls-and-tls-profiles-11.txt Pages : 29 Date: 2017-09-11 Abstract: This document discusses Usage Profiles, based on one or more authentication mechanisms, which can be used for DNS over Transport Layer Security (TLS) or Datagram TLS (DTLS). These profiles can increase the privacy of DNS transactions compared to using only clear text DNS. This document also specifies new authentication mechanisms - it describes several ways a DNS client can use an authentication domain name to authenticate a (D)TLS connection to a DNS server. Additionally, it defines (D)TLS protocol profiles for DNS clients and servers implementing DNS-over-(D)TLS. This document updates RFC 7858. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-11 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dtls-and-tls-profiles-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dtls-and-tls-profiles-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-padding-policy-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange of the IETF. Title : Padding Policy for EDNS(0) Author : Alexander Mayrhofer Filename: draft-ietf-dprive-padding-policy-01.txt Pages : 7 Date: 2017-07-03 Abstract: RFC 7830 specifies the EDNS0 'Padding' option, but does not specify the length of padding to be used in specific applications. This memo lists the possible options ("Padding Policies"), discusses the implications of each of these options, and provides a recommended option. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-01 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-padding-policy-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dtls-and-tls-profiles-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange of the IETF. Title : Usage and (D)TLS Profiles for DNS-over-(D)TLS Authors : Sara Dickinson Daniel Kahn Gillmor Tirumaleswar Reddy Filename: draft-ietf-dprive-dtls-and-tls-profiles-10.txt Pages : 29 Date: 2017-06-16 Abstract: This document discusses Usage Profiles, based on one or more authentication mechanisms, which can be used for DNS over Transport Layer Security (TLS) or Datagram TLS (DTLS). These profiles can increase the privacy of DNS transactions compared to using only clear text DNS. This document also specifies new authentication mechanisms - it describes several ways a DNS client can use an authentication domain name to authenticate a (D)TLS connection to a DNS server. Additionally, it defines (D)TLS protocol profiles for DNS clients and servers implementing DNS-over-(D)TLS. This document updates RFC 7858. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-10 https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dtls-and-tls-profiles-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dtls-and-tls-profiles-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dtls-and-tls-profiles-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange of the IETF. Title : Authentication and (D)TLS Profile for DNS-over-(D)TLS Authors : Sara Dickinson Daniel Kahn Gillmor Tirumaleswar Reddy Filename: draft-ietf-dprive-dtls-and-tls-profiles-08.txt Pages : 26 Date: 2017-01-18 Abstract: This document discusses Usage Profiles, based on one or more authentication mechanisms, which can be used for DNS over Transport Layer Security (TLS) or Datagram TLS (DTLS). This document also specifies new authentication mechanisms - it describes several ways a DNS client can use an authentication domain name to authenticate a DNS server. Additionally, it defines (D)TLS profiles for DNS clients and servers implementing DNS-over-(D)TLS. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dtls-and-tls-profiles-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-13.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange of the IETF. Title : Specification for DNS over Datagram Transport Layer Security (DTLS) Authors : Tirumaleswar Reddy Dan Wing Prashanth Patil Filename: draft-ietf-dprive-dnsodtls-13.txt Pages : 12 Date: 2016-11-30 Abstract: DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information which is valuable to protect. This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce DTLS handshake size. The proposed mechanism runs over port 853. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-dprive-dnsodtls-13 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsodtls-13 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
[dns-privacy] I-D Action: draft-ietf-dprive-dtls-and-tls-profiles-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange of the IETF. Title : Authentication and (D)TLS Profile for DNS-over-(D)TLS Authors : Sara Dickinson Daniel Kahn Gillmor Tirumaleswar Reddy Filename: draft-ietf-dprive-dtls-and-tls-profiles-05.txt Pages : 22 Date: 2016-10-20 Abstract: This document describes how a DNS client can use a domain name to authenticate a DNS server that uses Transport Layer Security (TLS) and Datagram TLS (DTLS). Additionally, it defines (D)TLS profiles for DNS clients and servers implementing DNS-over-TLS and DNS-over-DTLS. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dtls-and-tls-profiles-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/