On Tue, Jul 9, 2019 at 5:03 AM Sara Dickinson <s...@sinodun.com> wrote:
> All,
>
> An updated version of draft-hzpa-dprive-xfr-over-tls has been submitted
> which contains much more detail on data flows, authentication mechanisms
> and other issues than the previous version.
>
> Feedback and review welcomed.
>
> Best regards
>
> Sara.
>
> Begin forwarded message:
>
> From: internet-dra...@ietf.org
> Subject: New Version Notification for draft-hzpa-dprive-xfr-over-tls-02.txt
> Date: 8 July 2019 at 18:27:36 BST
> To: "Sara Dickinson" <s...@sinodun.com>, "Han Zhang" <hzh...@salesforce.com>,
> "Willem Toorop" <wil...@nlnetlabs.nl>, "Allison Mankin" <allison.man...@gmail.com>,
> "Pallavi Aras" <pa...@salesforce.com>
>
> A new version of I-D, draft-hzpa-dprive-xfr-over-tls-02.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
>
> Name: draft-hzpa-dprive-xfr-over-tls
> Revision: 02
> Title: DNS Zone Transfer-over-TLS
> Document date: 2019-07-08
> Group: Individual Submission
> Pages: 18
> URL: https://www.ietf.org/internet-drafts/draft-hzpa-dprive-xfr-over-tls-02.txt
> Status: https://datatracker.ietf.org/doc/draft-hzpa-dprive-xfr-over-tls/
> Htmlized: https://tools.ietf.org/html/draft-hzpa-dprive-xfr-over-tls-02
> Htmlized: https://datatracker.ietf.org/doc/html/draft-hzpa-dprive-xfr-over-tls
> Diff: https://www.ietf.org/rfcdiff?url2=draft-hzpa-dprive-xfr-over-tls-02
>
> Abstract:
> DNS zone transfers are transmitted in clear text, which gives
> attackers the opportunity to collect the content of a zone by
> eavesdropping on network connections. The DNS Transaction Signature
> (TSIG) mechanism is specified to restrict direct zone transfer to
> authorized clients only, but it does not add confidentiality. This
> document specifies use of DNS-over-TLS to prevent zone contents
> collection via passive monitoring of zone transfers.

4.1. AXFR Mechanism
"zone is update to date"
"update to" -> "up to"

4.2.
"forth step" -> "fourth step" (in several places)

4.3. Data Leakage of NOTIFY and SOA Message Exchanges
"This section attempts to presents a rationale"
"presents" -> "present"

6.2. TLS
Not sure that these are the right words. "surveillance" to me implies a
passive watching. Which means: "passive surveillance" is redundant, and
"active surveillance" is a contradiction in terms. I assume that "active"
means sending packets to try to confuse the server or client, which I would
call an "attack" and not "surveillance". Or am I wrong?

-- 
Bob Harold
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy