[dns-privacy] New Version Notification for draft-bretelle-dprive-dot-spki-in-ns-name-00.txt

manu tman <chantr4@gmail.com> Mon, 11 March 2019 16:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/DLQ0Vgyt6ud8bG4BZakPskOWUf0>

Hi all,

I have captured in a draft the mechanism I used during the IETF 103 hackathon
and which is available as an experimental module in knot-resolver[0]. I was
taken short with time before the cut-off date, but I hope this will better
explain how it works.

Manu

[0]
https://gitlab.labs.nic.cz/knot/knot-resolver/tree/master/modules/experimental_dot_auth

———



A new version of I-D, draft-bretelle-dprive-dot-spki-in-ns-name-00.txt
has been successfully submitted by Emmanuel Bretelle and posted to the
IETF repository.

Name: draft-bretelle-dprive-dot-spki-in-ns-name
Revision: 00
Title: Encoding DNS-over-TLS (DoT) Subject Public Key Info (SPKI) in Name Server name
Document date: 2019-03-11
Group: Individual Submission
Pages: 7
URL:
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_internet-2Ddrafts_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname-2D00.txt&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=9TmF-DXxE_0nJ6WyhRNoNSiya3N7h_pVwyRn4qIfD7U&e=
Status:
https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname_&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=5eZd00_oyy5t1SFYXYCMfv1fSl22SudK5I3pkCozKFs&e=
Htmlized:
https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname-2D00&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=ZTRurE9sjAPDCKcx8dBXgYPs0dE9LmmJ194vl04cn3Q&e=
Htmlized:
https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dbretelle-2Ddprive-2Ddot-2Dspki-2Din-2Dns-2Dname&d=DwICaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=aRgHK985qD76PXQaxDKSjA&m=jSTn0YgV5vZZxmSgDChO302kZVyakva0HQhlXmV_Ks0&s=H0At0r1sQEdFc1snO7kIVALaFf-F1zRRHGPf3aUqkk4&e=

Abstract:
This document describes a mechanism to exchange the Subject Public
Key Info (SPKI) ([RFC5280] Section 4.1.2.7) fingerprint associated
with a DNS-over-TLS (DoT [RFC7858]) authoritative server by encoding
it as part of its name. The fingerprint can thereafter be used to
validate the certificate received from the DoT server as well as
being able to discover support for DoT on the server.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
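
The idea in the abstract above, as an added example that is not part of the original message and is not code from the draft or from the knot-resolver module: a pin derived from a certificate's SPKI is carried in the first label of the NS name, and the resolver accepts the DoT server only if the certificate it presents hashes to that pin. The `dot-` prefix, the SHA-256 plus unpadded base32 encoding, all function names and the skeletal sample certificate are assumptions made for illustration.

```python
import base64, hashlib, hmac
PREFIX = "dot-"  # assumed label prefix, chosen for this example

def read_tlv(buf, off):
    """Return (tag, value_start, end) of the DER TLV starting at buf[off]."""
    tag, first = buf[off], buf[off + 1]
    n, vstart = first, off + 2                # short-form length
    if first & 0x80:                          # long form: next k bytes hold the length
        k = first & 0x7F
        n, vstart = int.from_bytes(buf[off + 2:off + 2 + k], "big"), off + 2 + k
    if vstart + n > len(buf):
        raise ValueError("truncated DER")
    return tag, vstart, vstart + n

def spki_from_cert(der):
    """Slice the complete SubjectPublicKeyInfo TLV out of a DER certificate."""
    _, off, _ = read_tlv(der, 0)              # Certificate
    _, off, _ = read_tlv(der, off)            # tbsCertificate
    tag, _, nxt = read_tlv(der, off)
    if tag == 0xA0:                           # optional [0] version
        off = nxt
    for _ in range(5):                        # serial, signature, issuer, validity, subject
        _, _, off = read_tlv(der, off)
    _, _, end = read_tlv(der, off)
    return der[off:end]

def pin_label(spki):
    """SHA-256 of the SPKI as unpadded lowercase base32, in one DNS label."""
    b32 = base64.b32encode(hashlib.sha256(spki).digest()).decode()
    return PREFIX + b32.rstrip("=").lower()   # 4 + 52 octets, under the 63-octet limit

def ns_name_matches(ns_name, cert_der):
    """True only if the first label of ns_name pins the certificate's SPKI."""
    label = ns_name.split(".")[0].lower()
    if not label.startswith(PREFIX):
        return False                          # name carries no pin to validate against
    b32 = label[len(PREFIX):].upper()
    try:
        pinned = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    except ValueError:                        # malformed base32 in the label
        return False
    return hmac.compare_digest(pinned, hashlib.sha256(spki_from_cert(cert_der)).digest())

# Constructed sample: a skeletal certificate whose other fields are empty placeholders.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body     # short form only; the sample is < 128 bytes
def sample_cert(key):
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00")), spki
```

Because the pin covers only the SPKI, a renewed certificate that keeps the same key pair still matches the name, while a key rotation requires a new NS name.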