On Tue, 17 Jan 2017 18:22:29 +0800, Shane Kerr wrote:
>Hello,
>
>I'm sorry if it has already been discussed, but has there been any work
>done on using TLS for AXFR/IXFR?
>
>It seems like it should be relatively straightforward, compared to the
>stub-to-resolver and resolver-to-authority links. Wh
I'll not continue with the charter topic, because you're right that it's
offtopic on a privacy list. However the point was made because it was an
opportunity as a protocol change would be introduced when introducing
encryption.
On Tue, Jan 17, 2017 at 09:49:09PM -0500, Robert Edmonds wrote:
> What
Mukund Sivaraman wrote:
> Maybe it was not clear from the original mail: when a different
> mechanism (port and related protocol change) is being introduced for
> encrypted traffic which current implementations cannot use without
> changes to them, it would be good to consider revisiting the DNS me
> On Jan 17, 2017, at 02:22, Shane Kerr wrote:
>
> Does this seem like something worth working on?
I'd use it if it was available. Internally one can use any of many methods to
add encryption (IPSec, stunnel, etc), but working with external parties it'd be
very nice to have a standard method.
On Wed, Jan 18, 2017 at 06:53:44AM +0530, Mukund Sivaraman wrote:
> On Tue, Jan 17, 2017 at 07:54:45AM -0800, Paul Hoffman wrote:
> > > On a side note, because any encryption will require a change to the DNS
> > > protocol (i.e., putting things into a crypto box which isn't backwards
> > > compatib
On Tue, Jan 17, 2017 at 07:54:45AM -0800, Paul Hoffman wrote:
> > On a side note, because any encryption will require a change to the DNS
> > protocol (i.e., putting things into a crypto box which isn't backwards
> > compatible) IMO it would be worthwhile to consider revisiting the DNS
> > message
Hi, Shane:
Shane Kerr wrote:
> I'm sorry if it has already been discussed, but has there been any work
> done on using TLS for AXFR/IXFR?
There was a mini-thread back in June 2016, but I think that was it:
https://mailarchive.ietf.org/arch/msg/dns-privacy/eNHQx5KT3MzqjFObqgDRswCpxi4
> It seems
The IESG has approved the following document:
- 'Specification for DNS over Datagram Transport Layer Security (DTLS)'
(draft-ietf-dprive-dnsodtls-15.txt) as Experimental RFC
This document is the product of the DNS PRIVate Exchange Working Group.
The IESG contact persons are Suresh Krishnan and
On 17 Jan 2017, at 2:47, Mukund Sivaraman wrote:
On Tue, Jan 17, 2017 at 06:22:29PM +0800, Shane Kerr wrote:
Note also that it might be worthwhile building a new zone transfer
protocol that can perform better in areas where AXFR and IXFR don't
work well today (unnecessary data in IXFR of signed
In message <20170117182229.73eff...@pallas.home.time-travellers.org>, Shane
Kerr writes:
> Hello,
>
> I'm sorry if it has already been discussed, but has there been any work
> done on using TLS for AXFR/IXFR?
>
> It seems like it should be relatively straightforward, compared to the
> stub-to-res
On Tue, Jan 17, 2017 at 06:22:29PM +0800, Shane Kerr wrote:
> Note also that it might be worthwhile building a new zone transfer
> protocol that can perform better in areas where AXFR and IXFR don't
> work well today (unnecessary data in IXFR of signed zones, inefficiency
> for synchronizing lots o
Hello,
I'm sorry if it has already been discussed, but has there been any work
done on using TLS for AXFR/IXFR?
It seems like it should be relatively straightforward, compared to the
stub-to-resolver and resolver-to-authority links. While it does not
seem as big of a problem either, obviously som
12 matches
Mail list logo