Hi All,
A new draft has been submitted outlining using DNS-over-TLS for zone transfers.
The draft is quite basic at this stage but we are planning to work on this
topic at the Hackathon to try to answer the open questions and move this
forward.
Regards
Sara.
> Begin forwarded message:
>
> From: internet-dra...@ietf.org
> Subject: New Version Notification for draft-hzpa-dprive-xfr-over-tls-01.txt
> Date: 11 March 2019 at 17:58:31 GMT
> To: "Sara Dickinson", "Han Zhang", "Willem Toorop", "Allison Mankin",
> "Pallavi Aras"
>
>
> A new version of I-D, draft-hzpa-dprive-xfr-over-tls-01.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
>
> Name: draft-hzpa-dprive-xfr-over-tls
> Revision: 01
> Title: DNS Zone Transfer over TLS
> Document date: 2019-03-11
> Group: Individual Submission
> Pages: 8
> URL: https://www.ietf.org/internet-drafts/draft-hzpa-dprive-xfr-over-tls-01.txt
> Status: https://datatracker.ietf.org/doc/draft-hzpa-dprive-xfr-over-tls/
> Htmlized: https://tools.ietf.org/html/draft-hzpa-dprive-xfr-over-tls-01
> Htmlized: https://datatracker.ietf.org/doc/html/draft-hzpa-dprive-xfr-over-tls
> Diff: https://www.ietf.org/rfcdiff?url2=draft-hzpa-dprive-xfr-over-tls-01
>
> Abstract:
> DNS zone transfers are transmitted in clear text, which gives
> attackers the opportunity to collect the content of a zone by
> eavesdropping on network connections. The DNS Transaction Signature
> (TSIG) mechanism is specified to restrict direct zone transfer to
> authorized clients only, but it does not add confidentiality. This
> document specifies use of DNS-over-TLS to prevent zone contents
> collection via passive monitoring of zone transfers.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy