IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-tcp-requirements-05.txt

"Wessels, Duane" <dwessels@verisign.com> Sat, 02 November 2019 18:18 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFC071200F8 for <dnsop@ietfa.amsl.com>; Sat, 2 Nov 2019 11:18:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PwHT5m-NIX2z for <dnsop@ietfa.amsl.com>; Sat, 2 Nov 2019 11:18:00 -0700 (PDT)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F090612002E for <dnsop@ietf.org>; Sat, 2 Nov 2019 11:17:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=9169; q=dns/txt; s=VRSN; t=1572718681; h=from:to:date:message-id:references:in-reply-to: mime-version:subject; bh=EpgXvYT7TUy8L7xxoTu8RzvdCsjjDXE5ZRDAM08lZ44=; b=iWoxscOZ8xd+rOOH27WAwCzztyTxlvP2vjppRIbOwr1l/igUMfgX/31F ig22Axh4NANB78O/FRnYNvbZ7NI/rgv93y1lDORJfjSn730kndJT6fUDu 2VFRLPC13u3cjtwfNVyoTntTzrBxKYLRmnSBYGwFAQI9T0GAcSSMRBxFP NuTaYjI0qV1IcfjclSQ1eogvahZaIOc9N+2GLiGukeGLU9ntmtG9EkG73 qlUjIGCUjde8m3YPeETv/y3uyQC6/cxuLYuN5t2KmiXGzA9zTtk1u3kKj LV9DEFAqTt67BbQkWZQwzYTlN0is35qpAmdXpeIcT+W9gKGqKeVr6iUDg w==;
X-IronPort-AV: E=Sophos; i="5.68,260,1569283200"; d="p7s'?scan'208"; a="9533322"
IronPort-PHdr: =?us-ascii?q?9a23=3A6yIDhRyRHZn/3BLXCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd2+0fIJqq85mqBkHD//Il1AaPAdyArasc2qGP6/CocFdDyK7JiGoFfp1IWk?= =?us-ascii?q?1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBA?= =?us-ascii?q?j0OxZrKeTpAI7SiNm82/yv95HJbAhEmTSwbalvIBmqqQjdudQajZdhJ60s1h?= =?us-ascii?q?bHv3xEdvhMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW?= =?us-ascii?q?874s3rrgTDQhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VD?= =?us-ascii?q?q+46t3ThLjlSEKPCM7/m7KkMx9lKJVrgy8qRxjzYDaY4+VO/h5cKPcYdwVSn?= =?us-ascii?q?FMXslNWyxEGI68b5cDA/QHMO1Fr4f9vVwOrR6mCAWiBOzg1CRIhmTo0q0+yO?= =?us-ascii?q?QtCRzN0gI9H90UtnTbstv5P7oVXO+owqjH0y7Db+hI1jf584jFaQ4hru+WXb?= =?us-ascii?q?JxasrRyEYvFwXfglqMrozlOiqY2+IQuGaV6OpgUPigi28hqwxpozig2Nssio?= =?us-ascii?q?fTioIS0FDE+iN0y5s2K92gUEN3fMKoHIFNuyyYOYZ6WN4uTmFmtSogxbALuo?= =?us-ascii?q?a3cDUWxJg92hLSaeCLf5KV7h/sV+udOyp0iXF9dLKxmRm/8lSsx+j5W8au01?= =?us-ascii?q?tHqjFKn9zCu3wTyhPe682KReB580qg2zuC0g7e5+9GLE8pk6fQNoQvzaQqlp?= =?us-ascii?q?UJtETOBir2mELrg6CIbkgk4e2o6/j/YrXhu5+cK5d4igHgPaQqncyyGfk1PB?= =?us-ascii?q?QWUWSG+euyzLLt8kzlTLlXlPE2jLXWsJfAJcQDvKK2GRJa3pw96xalFDem1s?= =?us-ascii?q?4UkmUALFJAYB6Hjo7pNE/SIP3gEPuzn06gnCppyv3IJLHtH5XAI3bZnLrufr?= =?us-ascii?q?tx80tcxxAyzdBb6ZJUELYBIPfrV0Dsut3XEAQ5MxeqzObjE9VwzZ0eVnyVAq?= =?us-ascii?q?+YK6PSsFCI5uQ1L+aQY48VvS7xK+I56P72kX85hVgdcLG00psRc3C4GexmLl?= =?us-ascii?q?6YYXXyntcBH30Gvg0kTOzl2xW+VmsZa3CpWLoU5zwnBsShF4iJDtShhqeGxA?= =?us-ascii?q?+6E4FYIGdcBQbfP23vctDOZPoXcy+WOYspviENU7XrA9styhy1rwL+0JJ5I/?= =?us-ascii?q?DV4SwXs9To090jtL6brg076TEhV5fV6GqKVWwhxm4=3D?=
X-IPAS-Result: =?us-ascii?q?A2HxAgCBx71d/zCZrQplHAEBAQEBBwEBEQEEBAEBgX2DD?= =?us-ascii?q?CuBBgqVOYNqlVWBZwkBAQEBAQEBAQEDBAEYDQoBAQKEPgKEIDgTAg4BAQEEA?= =?us-ascii?q?QEBAQEFAwEBAQKGIAELgjsiamsBAQEBAQEBAQEBAQEBAQEBAQEBFgJDVRIBA?= =?us-ascii?q?R0BAQEBAgEBAWUHEAsCAQgYLgIlCyUCBBMOgxQBglcRHq92gieEPQIOQUCEc?= =?us-ascii?q?BCBNoFTg0eGXDWBQT6BOB+CTD6CYgEBAgEBFoELO4NDgiwElVmYGQMHgiSDR?= =?us-ascii?q?oIzgRiOQII8coZoj0+OQogujhKDFwIEAgQFAhWBaYF7cBUaISoBgkEJNRIRF?= =?us-ascii?q?IwNhT90jV+BDgEB?=
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Sat, 2 Nov 2019 14:17:55 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1779.002; Sat, 2 Nov 2019 14:17:55 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [EXTERNAL] [DNSOP] I-D Action: draft-ietf-dnsop-dns-tcp-requirements-05.txt
Thread-Index: AQHVkaiHMstqkTAfdE+fmU1aAK+sVad4c20A
Date: Sat, 2 Nov 2019 18:17:55 +0000
Message-ID: <D608BC6F-AD66-4A2A-AE4A-2D306F7FC05E@verisign.com>
References: <157271808929.6094.7926587135820341966@ietfa.amsl.com>
In-Reply-To: <157271808929.6094.7926587135820341966@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.9.1)
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_060F6811-75BF-4F05-B810-BAC57DDCD4E4"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rFH6dI4hksa0Sz0danMKop9Yxvo>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-tcp-requirements-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Nov 2019 18:18:02 -0000

Hello dnsop,

This draft has been updated with the following changes since -04:

- added DNS-over-TLS to the abstract
- added recent discussions about avoiding fragmentation in DNS
- changed "SHOULD use TFO" to "MAY use TFO" due to concerns expressed in the WG
- changed discussion of KSK rollover to past tense
- added privacy consideration text
- added a few new references

The authors would like to take this draft to working group last call.

DW


> On Nov 2, 2019, at 1:08 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>        Title           : DNS Transport over TCP - Operational Requirements
>        Authors         : John Kristoff
>                          Duane Wessels
> 	Filename        : draft-ietf-dnsop-dns-tcp-requirements-05.txt
> 	Pages           : 26
> 	Date            : 2019-11-02
> 
> Abstract:
>   This document encourages the practice of permitting DNS messages to
>   be carried over TCP on the Internet.  This includes both DNS over
>   unencrypted TCP, as well as over an encrypted TLS session.  The
>   document also considers the consequences with this form of DNS
>   communication and the potential operational issues that can arise
>   when this best common practice is not upheld.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-tcp-requirements/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-dns-tcp-requirements-05
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-tcp-requirements-05
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-tcp-requirements-05
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.1.5 | Report a Bug | By Email