[dns-privacy] draft-hoffman-dns-tls-stub-02, now with https:

[Paul Hoffman <paul.hoffman@vpnc.org>]

Greetings again. It was pointed out to me this week that the earlier draft, while useful in stubs that are in part of an OS, was not useful to stubs that are part of a Javascript program that is in a browser. There is a desire for such programs to be able to get DNS responses. This goes back to the "use TLS, but do it as a URL idea" discussed in the meeting in London. I re-read RFC 3205 and realized that this proposal doesn't go against its recommendations.

So, this draft has both the original proposal (run over TLS, negotiated with ALPN) and the new one. Both have disadvantages. I'm interested to hear what people think, hopefully after they have read the draft.

--Paul Hoffman

Begin forwarded message:

> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-hoffman-dns-tls-stub-02.txt
> Date: August 30, 2014 at 5:44:42 PM PDT
> To: "Paul E. Hoffman" <paul.hoffman@vpnc.org>, Paul Hoffman <paul.hoffman@vpnc.org>
> 
> 
> A new version of I-D, draft-hoffman-dns-tls-stub-02.txt
> has been successfully submitted by Paul Hoffman and posted to the
> IETF repository.
> 
> Name:		draft-hoffman-dns-tls-stub
> Revision:	02
> Title:		Using TLS for Privacy Between DNS Stub and Recursive Resolvers
> Document date:	2014-08-30
> Group:		Individual Submission
> Pages:		10
> URL:            http://www.ietf.org/internet-drafts/draft-hoffman-dns-tls-stub-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-hoffman-dns-tls-stub/
> Htmlized:       http://tools.ietf.org/html/draft-hoffman-dns-tls-stub-02
> Diff:           http://www.ietf.org/rfcdiff?url2=draft-hoffman-dns-tls-stub-02