[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-12.txt

internet-drafts@ietf.org Thu, 27 May 2021 08:32 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: dns-privacy@ietf.org
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 24D113A136E; Thu, 27 May 2021 01:32:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: dns-privacy@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.30.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: dns-privacy@ietf.org
Message-ID: <162210434509.22726.16703669961047315198@ietfa.amsl.com>
Date: Thu, 27 May 2021 01:32:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/k8pM48AmsZHBlPTArIX5ZCJO0Pg>
Subject: [dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-12.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 08:32:25 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS PRIVate Exchange WG of the IETF.

        Title           : DNS Zone Transfer-over-TLS
        Authors         : Willem Toorop
                          Sara Dickinson
                          Shivan Sahib
                          Pallavi Aras
                          Allison Mankin
	Filename        : draft-ietf-dprive-xfr-over-tls-12.txt
	Pages           : 42
	Date            : 2021-05-27

   DNS zone transfers are transmitted in clear text, which gives
   attackers the opportunity to collect the content of a zone by
   eavesdropping on network connections.  The DNS Transaction Signature
   (TSIG) mechanism is specified to restrict direct zone transfer to
   authorized clients only, but it does not add confidentiality.  This
   document specifies the use of TLS, rather than clear text, to prevent
   zone content collection via passive monitoring of zone transfers:
   XFR-over-TLS (XoT).  Additionally, this specification updates RFC1995
   and RFC5936 with respect to efficient use of TCP connections, and
   RFC7766 with respect to the recommended number of connections between
   a client and server for each transport.

The IETF datatracker status page for this draft is:

There is also an htmlized version available at:

A diff from the previous version is available at:

Internet-Drafts are also available by anonymous FTP at: