On Mon, Nov 18, 2019 at 9:46 AM <internet-dra...@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
>
>         Title           : DNS Zone Transfer-over-TLS
>         Authors         : Han Zhang
>                           Pallavi Aras
>                           Willem Toorop
>                           Sara Dickinson
>                           Allison Mankin
>         Filename        : draft-ietf-dprive-xfr-over-tls-00.txt
>         Pages           : 19
>         Date            : 2019-11-18
>
> Abstract:
>    DNS zone transfers are transmitted in clear text, which gives
>    attackers the opportunity to collect the content of a zone by
>    eavesdropping on network connections.  The DNS Transaction Signature
>    (TSIG) mechanism is specified to restrict direct zone transfer to
>    authorized clients only, but it does not add confidentiality.  This
>    document specifies use of DNS-over-TLS to prevent zone contents
>    collection via passive monitoring of zone transfers.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-00
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-00


Looks good to me.

Minor changes:

4.3. Data Leakage of NOTIFY and SOA Message Exchanges

"Since the SOA of the published zone can be trivially discovered by
simply querying the publicly available authoritative servers leakage
RR of this is not discussed in the following sections."

"RR of this" -> "of this RR"


6.4. IP Based ACL on the Primary

"This is also possible with XoT but it must be noted that as with TCP
the implementation of such and ACL cannot be enforced"

"and ACL" -> "an ACL"

-- 
Bob Harold
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
