Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt

[Dan Wing]

On 16-Mar-2016 06:36 am, Stephane Bortzmeyer  wrote:
> 
> On Wed, Mar 16, 2016 at 04:54:33AM +,
> Tirumaleswar Reddy (tireddy)  wrote 
> a message of 64 lines which said:
> 
>> This revision addresses comments from Stephane.
> 
> Yes, I like the new text in the Security Considerations. But I'm not
> completely happy with the changes.
> 
> 1) There is now no mention of ICMP. I understand why, ICMP is not
> authentified but I can hear the IESG asking "What the client should do
> when receiving ICMP errors?"

Treat all ICMP errors as soft errors (RFC1122 defines hard and soft ICMP 
errors).

-d

> 2) You now demultiplex by "Query ID, Query type and Query class". What
> about the QNAME? It seems more important than the class...
> 
> 
> 
> ___
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy


___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy

Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt

[Stephane Bortzmeyer]

On Wed, Mar 16, 2016 at 04:54:33AM +,
 Tirumaleswar Reddy (tireddy)  wrote 
 a message of 64 lines which said:

> This revision addresses comments from Stephane.

Yes, I like the new text in the Security Considerations. But I'm not
completely happy with the changes.

1) There is now no mention of ICMP. I understand why, ICMP is not
authentified but I can hear the IESG asking "What the client should do
when receiving ICMP errors?"

2) You now demultiplex by "Query ID, Query type and Query class". What
about the QNAME? It seems more important than the class...



___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy

Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt

[Tirumaleswar Reddy (tireddy)]

This revision addresses comments from Stephane.

-Tiru

> -Original Message-
> From: dns-privacy [mailto:dns-privacy-boun...@ietf.org] On Behalf Of
> internet-dra...@ietf.org
> Sent: Wednesday, March 16, 2016 10:21 AM
> To: i-d-annou...@ietf.org
> Cc: dns-privacy@ietf.org
> Subject: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the DNS PRIVate Exchange of the IETF.
> 
> Title   : DNS over DTLS (DNSoD)
> Authors : Tirumaleswar Reddy
>   Dan Wing
>   Prashanth Patil
>   Filename: draft-ietf-dprive-dnsodtls-05.txt
>   Pages   : 11
>   Date: 2016-03-15
> 
> Abstract:
>DNS queries and responses are visible to network elements on the path
>between the DNS client and its server.  These queries and responses
>can contain privacy-sensitive information which is valuable to
>protect.  An active attacker can send bogus responses causing
>misdirection of the subsequent connection.
> 
>To counter passive listening and active attacks, this document
>proposes the use of Datagram Transport Layer Security (DTLS) for DNS,
>to protect against passive listeners and certain active attacks.  As
>DNS needs to remain fast, this proposal also discusses mechanisms to
>reduce DTLS round trips and reduce DTLS handshake size.  The proposed
>mechanism runs over port 853.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dprive-dnsodtls-05
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsodtls-05
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> ___
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy

___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy

[dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt

[internet-drafts]

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS PRIVate Exchange of the IETF.

Title   : DNS over DTLS (DNSoD)
Authors : Tirumaleswar Reddy
  Dan Wing
  Prashanth Patil
Filename: draft-ietf-dprive-dnsodtls-05.txt
Pages   : 11
Date: 2016-03-15

Abstract:
   DNS queries and responses are visible to network elements on the path
   between the DNS client and its server.  These queries and responses
   can contain privacy-sensitive information which is valuable to
   protect.  An active attacker can send bogus responses causing
   misdirection of the subsequent connection.

   To counter passive listening and active attacks, this document
   proposes the use of Datagram Transport Layer Security (DTLS) for DNS,
   to protect against passive listeners and certain active attacks.  As
   DNS needs to remain fast, this proposal also discusses mechanisms to
   reduce DTLS round trips and reduce DTLS handshake size.  The proposed
   mechanism runs over port 853.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-dprive-dnsodtls-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsodtls-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy