[dns-privacy] Document Action: 'Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS' to Experimental RFC (draft-ietf-dprive-unilateral-probing-13.txt)
The IESG <iesg-secretary@ietf.org> Tue, 31 October 2023 16:20 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dns-privacy@ietf.org
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6307BC1705E0; Tue, 31 Oct 2023 09:20:37 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 11.14.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, brian@innovationslab.net, dns-privacy@ietf.org, dprive-chairs@ietf.org, draft-ietf-dprive-unilateral-probing@ietf.org, evyncke@cisco.com, rfc-editor@rfc-editor.org, tjw.ietf@gmail.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Message-ID: <169876923739.27701.14152904643770219853@ietfa.amsl.com>
Date: Tue, 31 Oct 2023 09:20:37 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/bi7r8-PjCMvt144QGCrTjXlVQx0>
Subject: [dns-privacy] Document Action: 'Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS' to Experimental RFC (draft-ietf-dprive-unilateral-probing-13.txt)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2023 16:20:37 -0000
The IESG has approved the following document: - 'Unilateral Opportunistic Deployment of Encrypted Recursive-to- Authoritative DNS' (draft-ietf-dprive-unilateral-probing-13.txt) as Experimental RFC This document is the product of the DNS PRIVate Exchange Working Group. The IESG contact persons are Erik Kline and Éric Vyncke. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/ Technical Summary This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more powerful attacks. Working Group Summary As this document defines new features for DNS message exchanges, there was some controversy around the potential impact to certain types of DNS servers (e.g., distributed authoritative servers). Due to those concerns, the document describes a set of measurements to be collected once the document is published as an RFC. Those measurements will allow the WG to determine the overall operational impact of this type of probing on DNS services supporting this specification. Document Quality This document contains a list of current implementations per RFC 7942. It has also been reviewed by several directorates (DNS and OPS), leading to some changes. Personnel The Document Shepherd for this document is Brian Haberman. The Responsible Area Director is Éric Vyncke.