Re: [dns-privacy] review of draft-ietf-dprive-dns-over-tls

2015-10-09 Thread John R Levine
If the TLS stuff is on a separate port that only does TLS, what could possibly happen before the TLS handshake? I'm suggesting that a query/response on port 53 might happen prior to TLS. Oh, OK. It'd help if the text mentioned that. Regards, John Levine, jo...@taugh.com, Taughannock

Re: [dns-privacy] review of draft-ietf-dprive-dns-over-tls

2015-10-09 Thread Wessels, Duane
John, > On Oct 1, 2015, at 9:21 PM, John Levine wrote: > > I think it's in pretty good shape but of course I have a few questions. > > In 3.3, it says to match queries and responses "using the ID field and > port number". I get the ID field, but the port number? In a TCP >

Re: [dns-privacy] Please review documents...

2015-10-09 Thread Wessels, Duane
> On Oct 2, 2015, at 11:23 AM, 神明達哉 wrote: > > At Wed, 23 Sep 2015 10:32:05 -0400, > Warren Kumari wrote: > >> Please review our documents: >> https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/ > > I've reviewed the 00 version of

Re: [dns-privacy] review of draft-ietf-dprive-dns-over-tls

2015-10-09 Thread Wessels, Duane
> On Oct 9, 2015, at 3:44 PM, John R Levine wrote: > >> Here's the text: >> >> 3. Any protocol interactions prior to the TLS handshake are >> performed in the clear and can be modified by a person-in-the- >> middle attacker. For this reason, clients MAY discard

Re: [dns-privacy] review of draft-ietf-dprive-dns-over-tls

2015-10-09 Thread John R Levine
Here's the text: 3. Any protocol interactions prior to the TLS handshake are performed in the clear and can be modified by a person-in-the- middle attacker. For this reason, clients MAY discard cached information about server capabilities advertised prior to the start

Re: [dns-privacy] I-D Action: draft-ietf-dprive-dns-over-tls-00.txt

2015-10-09 Thread Wessels, Duane
> On Oct 2, 2015, at 1:09 AM, Simon Josefsson wrote: > >>> I believe the abstract or introduction section should mention that >>> TLS gives you data integrity services, which protects against >>> on-path tampering. Right now the document talks about encryption >>> to

Re: [dns-privacy] Please review documents...

2015-10-09 Thread Wessels, Duane
> On Sep 30, 2015, at 5:05 PM, Watson Ladd wrote: > > On Wed, Sep 23, 2015 at 10:32 AM, Warren Kumari wrote: >> Hi all, >> >> Please review our documents: >> https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/ >>

Re: [dns-privacy] review of draft-ietf-dprive-dns-over-tls

2015-10-09 Thread John R Levine
That's fine. Thanks. On Sat, 10 Oct 2015, Wessels, Duane wrote: On Oct 9, 2015, at 4:33 PM, John R Levine wrote: If the TLS stuff is on a separate port that only does TLS, what could possibly happen before the TLS handshake? I'm suggesting that a query/response on

Re: [dns-privacy] review of draft-ietf-dprive-dns-over-tls

2015-10-09 Thread Wessels, Duane
> On Oct 9, 2015, at 4:33 PM, John R Levine wrote: > >>> If the TLS stuff is on a separate port that only does TLS, what could >>> possibly happen before the TLS handshake? >> >> I'm suggesting that a query/response on port 53 might happen prior to TLS. > > Oh, OK. It'd

Re: [dns-privacy] DNSoDTLS fragmentation/reassembly shim [was Re: review of draft-ietf-dprive-dnsodtls-01]

2015-10-09 Thread Shane Kerr
Dan, On Fri, 9 Oct 2015 10:07:54 -0700 Dan Wing wrote: > On 05-Oct-2015 03:48 pm, Ted Hardie wrote: > > That said, the shim layer proposal seems at first glance to be a > > pretty simple extension of the multiplexing mechanics already > > described. That

[dns-privacy] DNSoDTLS fragmentation/reassembly shim [was Re: review of draft-ietf-dprive-dnsodtls-01]

2015-10-09 Thread Dan Wing
On 05-Oct-2015 03:48 pm, Ted Hardie wrote: > That said, the shim layer proposal seems at first glance to be a pretty simple > extension of the multiplexing mechanics already described. That is, you have > the QueryID to allow you to interleave requests; you use that in >
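The section 3.3 wording that John Levine questions above ("using the ID field and port number") and Ted Hardie's quoted point about using the QueryID to interleave requests rest on the same mechanism: once several queries are in flight on one connection, there is no per-query source port to help, and the 16-bit ID in the DNS header is the only key that pairs a response with its query. The example below is added here and is not code from the draft, from the DTLS shim proposal, or from anyone on this list. It simulates a pipelined client over the two-octet length-prefix framing of RFC 1035 section 4.2.2 (the TCP framing that DNS over TLS reuses; DTLS frames differently and is not shown). The query names, the simulated server side (fake_response, answering 192.0.2.1 from TEST-NET-1), and the Pipeline class and its method names are all constructed for this demo.

```python
import struct
import secrets
from typing import Optional

# Constructed demo: no network I/O. Both the client bookkeeping and the
# server's replies are simulated so the whole thing runs offline.

def build_query(qname: str, qtype: int = 1, qid: Optional[int] = None):
    """Build a minimal DNS query (RFC 1035 header + one question, QCLASS=IN)."""
    if qid is None:
        qid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    question += b"\x00" + struct.pack("!HH", qtype, 1)
    return qid, header + question

def frame(msg: bytes) -> bytes:
    """RFC 1035 4.2.2 stream framing: two-octet big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def unframe(stream: bytes):
    """Split concatenated length-prefixed messages. Returns (messages, leftover);
    leftover is an incomplete trailing frame still waiting for more bytes."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack_from("!H", stream, pos)
        if pos + 2 + n > len(stream):
            break
        msgs.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return msgs, stream[pos:]

def fake_response(query: bytes, addr: bytes = b"\xc0\x00\x02\x01") -> bytes:
    """Constructed server side: echo the ID and question, set QR, add one A record
    (name via compression pointer to offset 12, TTL 300, rdata = addr)."""
    (qid,) = struct.unpack_from("!H", query, 0)
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + addr
    return header + query[12:] + answer

class Pipeline:
    """Outstanding queries on ONE connection, matched by the ID field alone.
    On a single TCP/TLS connection every query shares the same 4-tuple, so
    the ID must be unique among in-flight queries or responses get crossed."""

    def __init__(self):
        self.outstanding = {}   # qid -> query bytes as sent

    def send(self, qname: str, qtype: int = 1):
        # A random 16-bit ID can collide with one already in flight; retry.
        while True:
            qid, msg = build_query(qname, qtype)
            if qid not in self.outstanding:
                break
        self.outstanding[qid] = msg
        return qid, frame(msg)

    def receive(self, response: bytes) -> Optional[int]:
        """Return the ID of the query this response answers, or None if it
        should be dropped: too short, QR not set, unknown ID, or a question
        section that does not echo what we sent."""
        if len(response) < 12:
            return None
        rid, flags = struct.unpack_from("!HH", response, 0)
        if not flags & 0x8000:
            return None
        query = self.outstanding.get(rid)
        if query is None:
            return None
        if response[12:len(query)] != query[12:]:
            return None
        del self.outstanding[rid]
        return rid

if __name__ == "__main__":
    p = Pipeline()
    ids = [p.send(n)[0] for n in ("example.com", "example.net", "example.org")]
    # Server answers out of order; the stream is demultiplexed by ID only.
    stream = b"".join(frame(fake_response(p.outstanding[i])) for i in reversed(ids))
    msgs, _ = unframe(stream)
    print([p.receive(m) for m in msgs] == list(reversed(ids)))
```

The receive() checks are the practical counterpart of the thread's point: with nothing but the ID to go on, a client should treat an unknown ID or a question section that does not match its own query as something to discard rather than something to cache.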