Re: [dns-privacy] Fwd: New Version Notification for draft-hzpa-dprive-xfr-over-tls-02.txt
> On 11 Jul 2019, at 16:06, Bob Harold wrote:
>
> 4.1. AXFR Mechanism
>
> "zone is update to date"
> "update to" -> "up to"
>
> 4.2.
>
> "forth step" -> "fourth step" (in several places)
>
> 4.3. Data Leakage of NOTIFY and SOA Message Exchanges
>
> "This section attempts to presents a rationale"
> "presents" -> "present"

Thanks for spotting those!

> 6.2. TLS
>
> Not sure that these are the right words. "surveillance" to me implies a
> passive watching. Which means:
> "passive surveillance" - is redundant, and
> "active surveillance" - is a contradiction in terms.
> I assume that "active" means sending packets to try to confuse the server or
> client, which I would call an "attack" and not "surveillance".
> Or am I wrong?

I think you are right, using 'attack' here would be more correct - will update.

Sara.

___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
Re: [dns-privacy] Fwd: New Version Notification for draft-hzpa-dprive-xfr-over-tls-02.txt
On Tue, Jul 9, 2019 at 5:03 AM Sara Dickinson wrote:
> All,
>
> An updated version of draft-hzpa-dprive-xfr-over-tls has been submitted
> which contains much more detail on data flows, authentication mechanisms
> and other issues than the previous version.
>
> Feedback and review welcomed.
>
> Best regards
>
> Sara.

4.1. AXFR Mechanism

"zone is update to date"
"update to" -> "up to"

4.2.

"forth step" -> "fourth step" (in several places)

4.3. Data Leakage of NOTIFY and SOA Message Exchanges

"This section attempts to presents a rationale"
"presents" -> "present"

6.2. TLS

Not sure that these are the right words. "surveillance" to me implies a passive watching. Which means:
"passive surveillance" - is redundant, and
"active surveillance" - is a contradiction in terms.
I assume that "active" means sending packets to try to confuse the server or client, which I would call an "attack" and not "surveillance".
Or am I wrong?

--
Bob Harold
[dns-privacy] Fwd: New Version Notification for draft-hzpa-dprive-xfr-over-tls-02.txt
All,

An updated version of draft-hzpa-dprive-xfr-over-tls has been submitted which contains much more detail on data flows, authentication mechanisms and other issues than the previous version.

Feedback and review welcomed.

Best regards

Sara.

> Begin forwarded message:
>
> From: internet-dra...@ietf.org
> Subject: New Version Notification for draft-hzpa-dprive-xfr-over-tls-02.txt
> Date: 8 July 2019 at 18:27:36 BST
> To: "Sara Dickinson" , "Han Zhang" , "Willem Toorop" , "Allison Mankin" , "Pallavi Aras"
>
>
> A new version of I-D, draft-hzpa-dprive-xfr-over-tls-02.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
>
> Name: draft-hzpa-dprive-xfr-over-tls
> Revision: 02
> Title: DNS Zone Transfer-over-TLS
> Document date: 2019-07-08
> Group: Individual Submission
> Pages: 18
> URL: https://www.ietf.org/internet-drafts/draft-hzpa-dprive-xfr-over-tls-02.txt
> Status: https://datatracker.ietf.org/doc/draft-hzpa-dprive-xfr-over-tls/
> Htmlized: https://tools.ietf.org/html/draft-hzpa-dprive-xfr-over-tls-02
> Htmlized: https://datatracker.ietf.org/doc/html/draft-hzpa-dprive-xfr-over-tls
> Diff: https://www.ietf.org/rfcdiff?url2=draft-hzpa-dprive-xfr-over-tls-02
>
> Abstract:
> DNS zone transfers are transmitted in clear text, which gives
> attackers the opportunity to collect the content of a zone by
> eavesdropping on network connections. The DNS Transaction Signature
> (TSIG) mechanism is specified to restrict direct zone transfer to
> authorized clients only, but it does not add confidentiality. This
> document specifies use of DNS-over-TLS to prevent zone contents
> collection via passive monitoring of zone transfers.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat