Re: [dns-privacy] New Version Notification for draft-zatda-dprive-xfr-using-dso-00.txt

Sara Dickinson <sara@sinodun.com> Tue, 09 July 2019 09:03 UTC

From: Sara Dickinson <sara@sinodun.com>
Date: Tue, 09 Jul 2019 10:03:40 +0100
References: <156260792242.808.508025353392512987.idtracker@ietfa.amsl.com>
To: dns-privacy@ietf.org
In-Reply-To: <156260792242.808.508025353392512987.idtracker@ietfa.amsl.com>
Message-Id: <E2CC956E-C409-46CC-881A-0C9D900C6EFC@sinodun.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ieblvUKfuhnE8nBetrXBzdoVx-I>

Hi All, 

A new draft has been submitted that outlines the basics of a DSO-based mechanism for zone transfers requiring TLS.

There is much more work to do on the details, and potentially additional messaging to define, but hopefully this includes information to get some initial feedback on this proposal.

Best regards

Sara. 

> On 8 Jul 2019, at 18:45, internet-drafts@ietf.org wrote:
> 
> 
> A new version of I-D, draft-zatda-dprive-xfr-using-dso-00.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
> 
> Name:		draft-zatda-dprive-xfr-using-dso
> Revision:	00
> Title:		DNS Zone Transfer using DNS Stateful Operations
> Document date:	2019-07-08
> Group:		Individual Submission
> Pages:		21
> URL:            https://www.ietf.org/internet-drafts/draft-zatda-dprive-xfr-using-dso-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-zatda-dprive-xfr-using-dso/
> Htmlized:       https://tools.ietf.org/html/draft-zatda-dprive-xfr-using-dso-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-zatda-dprive-xfr-using-dso
> 
> 
> Abstract:
>   DNS zone transfers are transmitted in clear text, which gives
>   attackers the opportunity to collect the content of a zone by
>   eavesdropping on network connections.  This document specifies use of
>   DNS Stateful Operations to enable a subscribe/publish mechanism for
>   zone transfers, reducing the overhead introduced by NOTIFY/SOA
>   interactions prior to a zone transfer request.  This additionally
>   prevents zone contents collection via passive monitoring of zone
>   transfers by restricting XFR using DSO to require TLS.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
>
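The abstract above describes two things: replacing the NOTIFY/SOA exchange with a subscribe/publish session, and refusing XFR-over-DSO on anything but a TLS session. The following is an added example, not code from the draft or from any implementation, that models both on top of the DSO message framing defined in RFC 8490 (opcode 6 header with all section counts zero, followed by type/length/data TLVs). The framing and the DSOTYPENI and NOTAUTH RCODEs are real; the SUBSCRIBE and PUSH TLV code points, the use of REFUSED for a cleartext session, and the `Session.tls` attribute are assumptions of this model and are not the draft's code points or behaviour.

```python
"""Toy model of a DSO-based zone-change subscription with a TLS-only policy.

Framing follows RFC 8490. The SUBSCRIBE/PUSH TLV codes, REFUSED-for-cleartext and
the Session.tls flag are placeholders for this model, not draft-zatda-dprive-xfr-using-dso.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

DSO_OPCODE = 6           # RFC 8490: opcode for DNS Stateful Operations
RCODE_NOERROR = 0
RCODE_REFUSED = 5        # assumption: policy refusal of XFR-via-DSO on a cleartext session
RCODE_NOTAUTH = 9        # not authoritative for the requested zone
RCODE_DSOTYPENI = 11     # RFC 8490: primary TLV type not implemented
# Placeholder TLV codes for this model (assumed to sit in the RFC 8490 experimental/local range).
TLV_XFR_SUBSCRIBE = 0xF800
TLV_XFR_PUSH = 0xF801


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(data: bytes) -> Tuple[str, int]:
    """Return (name, bytes consumed) for an uncompressed wire-format name."""
    labels, pos = [], 0
    while data[pos] != 0:
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(labels) + ".", pos + 1


def encode_dso(msg_id: int, rcode: int, tlvs: List[Tuple[int, bytes]], response: bool = False) -> bytes:
    """12-byte DNS header (QR, opcode 6, RCODE; QD/AN/NS/AR all zero) followed by TLVs."""
    flags = (0x8000 if response else 0) | (DSO_OPCODE << 11) | (rcode & 0xF)
    out = struct.pack("!HHHHHH", msg_id, flags, 0, 0, 0, 0)
    for tlv_type, data in tlvs:
        out += struct.pack("!HH", tlv_type, len(data)) + data
    return out


def decode_dso(buf: bytes) -> Tuple[int, bool, int, List[Tuple[int, bytes]]]:
    """Inverse of encode_dso; rejects non-DSO opcodes, non-zero counts and truncated TLVs."""
    if len(buf) < 12:
        raise ValueError("short header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    if (flags >> 11) & 0xF != DSO_OPCODE or (qd, an, ns, ar) != (0, 0, 0, 0):
        raise ValueError("not a DSO message")
    tlvs, pos = [], 12
    while pos < len(buf):
        tlv_type, length = struct.unpack("!HH", buf[pos:pos + 4])
        pos += 4
        if pos + length > len(buf):
            raise ValueError("truncated TLV")
        tlvs.append((tlv_type, buf[pos:pos + length]))
        pos += length
    return msg_id, bool(flags & 0x8000), flags & 0xF, tlvs


@dataclass
class Session:
    """One long-lived secondary-to-primary connection; tls is an attribute of this model."""
    tls: bool
    inbound: List[bytes] = field(default_factory=list)   # messages delivered to the secondary


@dataclass
class Primary:
    zones: Dict[str, int]                                  # zone -> SOA serial (constructed data)
    subscribers: Dict[str, List[Session]] = field(default_factory=dict)

    def handle(self, session: Session, request: bytes) -> bytes:
        """Process one DSO request and return the DSO response."""
        msg_id, is_response, _, tlvs = decode_dso(request)
        if is_response or msg_id == 0 or not tlvs:
            raise ValueError("expected a DSO request with a non-zero message ID")
        primary_tlv, data = tlvs[0]
        if primary_tlv != TLV_XFR_SUBSCRIBE:
            return encode_dso(msg_id, RCODE_DSOTYPENI, [], response=True)
        if not session.tls:
            # The policy in the abstract: XFR via DSO is only offered over TLS.
            return encode_dso(msg_id, RCODE_REFUSED, [], response=True)
        zone, _ = decode_name(data)
        if zone not in self.zones:
            return encode_dso(msg_id, RCODE_NOTAUTH, [], response=True)
        self.subscribers.setdefault(zone, []).append(session)
        return encode_dso(msg_id, RCODE_NOERROR, [], response=True)

    def zone_changed(self, zone: str, new_serial: int) -> int:
        """Push the new serial on each subscriber's existing session (no NOTIFY/SOA round trip).
        Unidirectional DSO messages carry message ID 0. Returns the number of pushes sent."""
        self.zones[zone] = new_serial
        payload = encode_name(zone) + struct.pack("!I", new_serial)
        push = encode_dso(0, RCODE_NOERROR, [(TLV_XFR_PUSH, payload)])
        for session in self.subscribers.get(zone, []):
            session.inbound.append(push)
        return len(self.subscribers.get(zone, []))


def subscribe(primary: Primary, session: Session, zone: str, msg_id: int = 0x1234) -> int:
    """Secondary side: send SUBSCRIBE for a zone and return the response RCODE."""
    req = encode_dso(msg_id, RCODE_NOERROR, [(TLV_XFR_SUBSCRIBE, encode_name(zone))])
    rid, is_response, rcode, _ = decode_dso(primary.handle(session, req))
    assert rid == msg_id and is_response
    return rcode


def parse_push(msg: bytes) -> Tuple[str, int]:
    """Secondary side: extract (zone, serial) from a PUSH message."""
    msg_id, _, _, tlvs = decode_dso(msg)
    assert msg_id == 0 and tlvs[0][0] == TLV_XFR_PUSH
    zone, end = decode_name(tlvs[0][1])
    return zone, struct.unpack("!I", tlvs[0][1][end:end + 4])[0]


def demo() -> Tuple[int, int, Tuple[str, int]]:
    """Cleartext subscription is refused; the TLS one is accepted and receives the push."""
    primary = Primary(zones={"example.": 2019070801})
    plain, tls = Session(tls=False), Session(tls=True)
    refused = subscribe(primary, plain, "example.")
    accepted = subscribe(primary, tls, "example.")
    primary.zone_changed("example.", 2019070901)
    return refused, accepted, parse_push(tls.inbound[0])


if __name__ == "__main__":
    print(demo())
```

The point to notice is where the gate sits: the TLS check happens once, when the subscription is established, and every later push and transfer rides the same authenticated session, so the secondary never has to fall back to an unauthenticated NOTIFY followed by an SOA poll to learn that the zone changed.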