Re: [dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-00.txt

Bob Harold <rharolde@umich.edu> Mon, 25 November 2019 17:28 UTC

References: <157408840653.14102.7123274753296665482@ietfa.amsl.com>
In-Reply-To: <157408840653.14102.7123274753296665482@ietfa.amsl.com>
From: Bob Harold <rharolde@umich.edu>
Date: Mon, 25 Nov 2019 12:28:21 -0500
Message-ID: <CA+nkc8CPzUDYkXqX4bMp6emGmVOQWpRcUyP9A9=AarUUTwFM2A@mail.gmail.com>
To: dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/IfG6gjfgx9u0lvR9QIYN5uNE6TY>
Subject: Re: [dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-00.txt

On Mon, Nov 18, 2019 at 9:46 AM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
>
>         Title           : DNS Zone Transfer-over-TLS
>         Authors         : Han Zhang
>                           Pallavi Aras
>                           Willem Toorop
>                           Sara Dickinson
>                           Allison Mankin
>         Filename        : draft-ietf-dprive-xfr-over-tls-00.txt
>         Pages           : 19
>         Date            : 2019-11-18
>
> Abstract:
>    DNS zone transfers are transmitted in clear text, which gives
>    attackers the opportunity to collect the content of a zone by
>    eavesdropping on network connections.  The DNS Transaction Signature
>    (TSIG) mechanism is specified to restrict direct zone transfer to
>    authorized clients only, but it does not add confidentiality.  This
>    document specifies use of DNS-over-TLS to prevent zone contents
>    collection via passive monitoring of zone transfers.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dprive-xfr-over-tls-00
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-00


Looks good to me.

Minor changes:

4.3. Data Leakage of NOTIFY and SOA Message Exchanges

"Since the SOA of the published zone can be trivially discovered by
simply querying the publicly available authoritative servers leakage
RR of this is not discussed in the following sections."

"RR of this" -> "of this RR"


6.4. IP Based ACL on the Primary

"This is also possible with XoT but it must be noted that as with TCP
the implementation of such and ACL cannot be enforced"

"and ACL" -> "an ACL"

-- 
Bob Harold
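Added example, not part of the message above or of the draft it reviews: the abstract says a cleartext zone transfer lets an eavesdropper collect the zone, and that TSIG restricts who may transfer but adds no confidentiality. The code below is an on-path observer for a DNS-over-TCP AXFR stream (RFC 5936 messages, each prefixed with the two-octet length of RFC 1035 section 4.2.2): it splits the stream at the length boundaries, decodes names including compression pointers, and lists every RR, the TSIG RR included. The capture it parses is constructed inside the block; the zone example.test., the serial, the key name xfr-key.example.test. and the 32 placeholder MAC bytes are all made up for the example and are not taken from the draft or the list thread.

```python
"""Passive observer's view of a cleartext AXFR (RFC 5936) over TCP.

DNS over TCP prefixes each message with a two-octet big-endian length
(RFC 1035, 4.2.2). Whoever reads the stream can parse every RR sent;
a TSIG RR (RFC 8945) authenticates the message but hides nothing.
"""
import struct

SOA, NS, A, TSIG, AXFR = 6, 2, 1, 250, 252
ZONE = "example.test."  # constructed zone; not from the draft or the list post


# --- minimal encoder, used only to build the constructed capture below -------

def encode_name(name):
    """Uncompressed wire-format name: length-prefixed labels, zero terminator."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def encode_rr(owner, rtype, ttl, rdata, rclass=1):
    return owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def frame_message(msg_id, qname, answers, additional=()):
    """One AXFR response (QR=1, AA=1) with its two-octet TCP length prefix."""
    header = struct.pack("!HHHHHH", msg_id, 0x8400, 1, len(answers), 0, len(additional))
    question = encode_name(qname) + struct.pack("!HH", AXFR, 1)
    msg = header + question + b"".join(answers) + b"".join(additional)
    return struct.pack("!H", len(msg)) + msg


def build_capture():
    """Constructed two-message AXFR stream as a primary might send it, TSIG-signed."""
    owner = b"\xc0\x0c"  # compression pointer to the QNAME at message offset 12
    soa_rdata = (encode_name("ns1." + ZONE) + encode_name("hostmaster." + ZONE)
                 + struct.pack("!IIIII", 2019112501, 7200, 3600, 1209600, 3600))
    soa = encode_rr(owner, SOA, 3600, soa_rdata)
    ns1 = encode_rr(owner, NS, 3600, encode_name("ns1." + ZONE))
    www = encode_rr(encode_name("www." + ZONE), A, 300, bytes([192, 0, 2, 10]))
    # TSIG RDATA: algorithm, 48-bit time signed, fudge, MAC size, MAC (placeholder
    # bytes, not a real HMAC), original ID, error, other-len. CLASS ANY, TTL 0.
    tsig_rdata = (encode_name("hmac-sha256.") + struct.pack("!HIH", 0, 1574702912, 300)
                  + struct.pack("!H", 32) + b"\x11" * 32 + struct.pack("!HHH", 0x1234, 0, 0))
    tsig = encode_rr(encode_name("xfr-key." + ZONE), TSIG, 0, tsig_rdata, rclass=255)
    # AXFR: SOA first, the zone's RRs, the SOA again; TSIG on the last message.
    return (frame_message(0x1234, ZONE, [soa, ns1, www])
            + frame_message(0x1234, ZONE, [soa], [tsig]))


# --- the eavesdropper: reassemble and parse, no key material needed ---------

def split_tcp_stream(stream):
    """Yield each DNS message from a captured TCP byte stream."""
    off = 0
    while off + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, off)
        off += 2
        if off + length > len(stream):
            raise ValueError("truncated message in stream")
        yield stream[off:off + length]
        off += length


def decode_name(msg, off):
    """Return (name, offset just past the name), following compression pointers."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: 14-bit pointer into the message
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped, hops = True, hops + 1
            if hops > 127:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            if not jumped:
                end = off + 1
            return ".".join(labels) + ".", end
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def parse_rrs(msg):
    """Yield (section, owner, type, ttl, rdata) for every RR in one message."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4  # QTYPE, QCLASS
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            yield section, owner, rtype, ttl, msg[off:off + rdlen]
            off += rdlen


def observe_axfr(stream):
    """Everything an on-path observer recovers from a cleartext AXFR stream."""
    return [rr for msg in split_tcp_stream(stream) for rr in parse_rrs(msg)]


def leaked_names(stream):
    """Owner names exposed by the transfer, TSIG key name included."""
    return sorted({owner for _, owner, _, _, _ in observe_axfr(stream)})
```

Running observe_axfr(build_capture()) yields all five RRs of the constructed transfer: SOA, NS and A from the first message, then the closing SOA and the TSIG RR from the second. The TSIG RR is parsed like any other record, so even the name of the transfer key ends up in leaked_names(); that is the gap the abstract describes, and what XoT closes by moving the same stream inside TLS, where an observer sees only record lengths and timing.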