[dns-privacy] New Version Notification for draft-bretelle-dprive-dot-spki-in-ns-name-00.txt
manu tman <chantr4@gmail.com> Mon, 11 March 2019 16:21 UTC
Hi all,

I have captured in a draft the mechanism I used during IETF 103 hackathon and which is available as an experimental module in knot-resolver[0]. I was taken short with time before cut-off date, but I hope this will better explain how it works.

Manu

[0] https://gitlab.labs.nic.cz/knot/knot-resolver/tree/master/modules/experimental_dot_auth

———

A new version of I-D, draft-bretelle-dprive-dot-spki-in-ns-name-00.txt has been successfully submitted by Emmanuel Bretelle and posted to the IETF repository.

Name: draft-bretelle-dprive-dot-spki-in-ns-name
Revision: 00
Title: Encoding DNS-over-TLS (DoT) Subject Public Key Info (SPKI) in Name Server name
Document date: 2019-03-11
Group: Individual Submission
Pages: 7
URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_internet-2Ddrafts_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname-2D00.txt&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=9TmF-DXxE_0nJ6WyhRNoNSiya3N7h_pVwyRn4qIfD7U&e=
Status: https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname_&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=5eZd00_oyy5t1SFYXYCMfv1fSl22SudK5I3pkCozKFs&e=
Htmlized: https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname-2D00&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=ZTRurE9sjAPDCKcx8dBXgYPs0dE9LmmJ194vl04cn3Q&e=
Htmlized: https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=H0At0r1sQEdFc1snO7kIVALaFf-F1zRRHGPf3aUqkk4&e=

Abstract:
This document describes a mechanism to exchange the Subject Public Key Info (SPKI) ([RFC5280] Section 4.1.2.7) fingerprint associated with a DNS-over-TLS (DoT [RFC7858]) authoritative server by encoding it as part of its name. The fingerprint can thereafter be used to validate the certificate received from the DoT server as well as being able to discover support for DoT on the server.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
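The check the abstract describes, sketched as an added example that is not part of the original message, the draft text, or the knot-resolver module. Assumptions: the label format (a `dot-` prefix followed by the unpadded base32 SHA-256 of the SPKI) is chosen here for illustration because the message does not spell out the encoding; all function names are hypothetical; the SPKI byte strings are constructed stand-ins for real DER.

```python
import base64
import hashlib
import hmac

PREFIX = "dot-"   # assumed marker prefix, not taken from the message
MAX_LABEL = 63    # DNS label length limit in octets (RFC 1035)

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs.
SERVER_SPKI = b"constructed-spki-der-of-the-real-server"
OTHER_SPKI = b"constructed-spki-der-of-another-key"

def spki_pin(spki_der: bytes) -> bytes:
    """SHA-256 fingerprint of the SPKI, the value carried in the name."""
    return hashlib.sha256(spki_der).digest()

def encode_ns_label(spki_der: bytes) -> str:
    """Operator side: build the first label of the name server name."""
    b32 = base64.b32encode(spki_pin(spki_der)).decode("ascii")
    label = PREFIX + b32.rstrip("=").lower()
    if len(label) > MAX_LABEL:
        raise ValueError("fingerprint does not fit in one DNS label")
    return label

def pin_from_ns_name(ns_name: str):
    """Resolver side: return the 32-byte pin, or None if none is advertised."""
    first = ns_name.rstrip(".").split(".")[0].lower()
    if not first.startswith(PREFIX):
        return None                       # ordinary NS name, no DoT signal
    b32 = first[len(PREFIX):].upper()
    b32 += "=" * (-len(b32) % 8)          # restore stripped padding
    try:
        pin = base64.b32decode(b32)
    except ValueError:                    # bad alphabet or bad padding
        return None
    return pin if len(pin) == hashlib.sha256().digest_size else None

def server_key_matches(ns_name: str, presented_spki_der: bytes) -> bool:
    """Compare the pin in the name with the SPKI of the presented certificate."""
    pin = pin_from_ns_name(ns_name)
    if pin is None:
        return False
    return hmac.compare_digest(pin, spki_pin(presented_spki_der))

if __name__ == "__main__":
    name = encode_ns_label(SERVER_SPKI) + ".example.com."
    print(name, server_key_matches(name, SERVER_SPKI))
```

A malformed or truncated label is treated as "no pin" rather than as a match, so the caller decides whether to fall back or fail closed.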