[dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-12.txt
internet-drafts@ietf.org Thu, 27 May 2021 08:32 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: dns-privacy@ietf.org
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 24D113A136E; Thu, 27 May 2021 01:32:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: dns-privacy@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.30.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: dns-privacy@ietf.org
Message-ID: <162210434509.22726.16703669961047315198@ietfa.amsl.com>
Date: Thu, 27 May 2021 01:32:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/k8pM48AmsZHBlPTArIX5ZCJO0Pg>
Subject: [dns-privacy] I-D Action: draft-ietf-dprive-xfr-over-tls-12.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 08:32:25 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS PRIVate Exchange WG of the IETF. Title : DNS Zone Transfer-over-TLS Authors : Willem Toorop Sara Dickinson Shivan Sahib Pallavi Aras Allison Mankin Filename : draft-ietf-dprive-xfr-over-tls-12.txt Pages : 42 Date : 2021-05-27 Abstract: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995 and RFC5936 with respect to efficient use of TCP connections, and RFC7766 with respect to the recommended number of connections between a client and server for each transport. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-12 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-xfr-over-tls-12 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
- [dns-privacy] I-D Action: draft-ietf-dprive-xfr-o… internet-drafts
- Re: [dns-privacy] I-D Action: draft-ietf-dprive-x… sara dickinson