Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt
On 16-Mar-2016 06:36 am, Stephane Bortzmeyerwrote: > > On Wed, Mar 16, 2016 at 04:54:33AM +, > Tirumaleswar Reddy (tireddy) wrote > a message of 64 lines which said: > >> This revision addresses comments from Stephane. > > Yes, I like the new text in the Security Considerations. But I'm not > completely happy with the changes. > > 1) There is now no mention of ICMP. I understand why, ICMP is not > authentified but I can hear the IESG asking "What the client should do > when receiving ICMP errors?" Treat all ICMP errors as soft errors (RFC1122 defines hard and soft ICMP errors). -d > 2) You now demultiplex by "Query ID, Query type and Query class". What > about the QNAME? It seems more important than the class... > > > > ___ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt
On Wed, Mar 16, 2016 at 04:54:33AM +, Tirumaleswar Reddy (tireddy)wrote a message of 64 lines which said: > This revision addresses comments from Stephane. Yes, I like the new text in the Security Considerations. But I'm not completely happy with the changes. 1) There is now no mention of ICMP. I understand why, ICMP is not authentified but I can hear the IESG asking "What the client should do when receiving ICMP errors?" 2) You now demultiplex by "Query ID, Query type and Query class". What about the QNAME? It seems more important than the class... ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt
This revision addresses comments from Stephane. -Tiru > -Original Message- > From: dns-privacy [mailto:dns-privacy-boun...@ietf.org] On Behalf Of > internet-dra...@ietf.org > Sent: Wednesday, March 16, 2016 10:21 AM > To: i-d-annou...@ietf.org > Cc: dns-privacy@ietf.org > Subject: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the DNS PRIVate Exchange of the IETF. > > Title : DNS over DTLS (DNSoD) > Authors : Tirumaleswar Reddy > Dan Wing > Prashanth Patil > Filename: draft-ietf-dprive-dnsodtls-05.txt > Pages : 11 > Date: 2016-03-15 > > Abstract: >DNS queries and responses are visible to network elements on the path >between the DNS client and its server. These queries and responses >can contain privacy-sensitive information which is valuable to >protect. An active attacker can send bogus responses causing >misdirection of the subsequent connection. > >To counter passive listening and active attacks, this document >proposes the use of Datagram Transport Layer Security (DTLS) for DNS, >to protect against passive listeners and certain active attacks. As >DNS needs to remain fast, this proposal also discusses mechanisms to >reduce DTLS round trips and reduce DTLS handshake size. The proposed >mechanism runs over port 853. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-dprive-dnsodtls-05 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsodtls-05 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > ___ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
[dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange of the IETF. Title : DNS over DTLS (DNSoD) Authors : Tirumaleswar Reddy Dan Wing Prashanth Patil Filename: draft-ietf-dprive-dnsodtls-05.txt Pages : 11 Date: 2016-03-15 Abstract: DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information which is valuable to protect. An active attacker can send bogus responses causing misdirection of the subsequent connection. To counter passive listening and active attacks, this document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As DNS needs to remain fast, this proposal also discusses mechanisms to reduce DTLS round trips and reduce DTLS handshake size. The proposed mechanism runs over port 853. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-dprive-dnsodtls-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-dnsodtls-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy