[DNSOP] please review - DNS data integrity and confidentiality
"Hosnieh Rafiee" <ietf@rozanak.com> Mon, 03 March 2014 19:35 UTC
From: Hosnieh Rafiee <ietf@rozanak.com>
To: DNSOP@ietf.org, dnsext@ietf.org, Int-area@ietf.org
Date: Mon, 03 Mar 2014 20:35:38 +0100
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/7hDjQxuWkQBuwtDBWrjK0CsTKdQ

Dear All,

CGA-TSIG (http://tools.ietf.org/html/draft-rafiee-intarea-cga-tsig) will be presented as the last item of intarea (Session 2014-03-04 1300-1400: Viscount).

intarea WG Agenda IETF 89
TUESDAY, March 4, 2014
1300-1400 Tuesday Afternoon Session I

I ask you all, DNS experts, please review this draft and attend the intarea session (tomorrow, Tuesday, at 13:00 - 14:00). Even though you might have a meeting, please try to attend the last 15 minutes of intarea, since it will be the last item that will be presented there.

Please consider reviewing this draft so that we have fruitful discussions :-)

For those who didn't read my long note:

The area that this draft covers:

- secure authentication during different scenarios, especially the authentication of the resolvers, without extra effort, and by the support of this algorithm or during updating PTR or FQDN records in a secure manner.

- privacy and confidentiality: People in the IETF are looking for a solution for confidentiality, as I heard discussion in this group and the application area. This can be a solution for this. This is especially helpful in an insecure environment where you want to have privacy while browsing different websites. So you need to have data encryption between the resolver and your computer. What your computer needs to know is only the IP address of the resolver; CGA-TSIG handles the other parts. :-) The other use case for confidentiality is in a zone transfer scenario or dynamic update. The data exchange between the master and slave should be encrypted to keep these data from prying eyes.

So, this draft answers the need for both data integrity and confidentiality and prevents IP spoofing without extra effort.

Hope to see you all tomorrow :-)

Thanks,
Hosnieh