[DNSOP] draft-hzhwm-start-tls-for-dns-00: Starting TLS over DNS

Zi Hu <zihu@usc.edu> Sat, 15 February 2014 03:03 UTC

Date: Fri, 14 Feb 2014 19:03:31 -0800
Message-ID: <CAESS1RPh+UK+r=JzZ9nE_DUqcvNtZiS6TNt1CDN-C0uiU7HP=A@mail.gmail.com>
From: Zi Hu <zihu@usc.edu>
To: dnsop@ietf.org, perpass@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/vY-34K9BimUwcaGfd1GzVA2Fhiw
Subject: [DNSOP] draft-hzhwm-start-tls-for-dns-00: Starting TLS over DNS
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

We recently posted draft-hzhwm-start-tls-for-dns-00 ("Starting TLS over
DNS") to explore one proposal to add standard TLS over standard DNS to
improve privacy.
http://tools.ietf.org/html/draft-hzhwm-start-tls-for-dns-00

This topic may be of interest to DNSOP and PERPASS.  Some of the authors
will be at the London IETF and can discuss it at the DNS privacy BOF if
there is interest.

An obvious concern about combining DNS and TLS is the performance
implications, both for client latency and server state.  The above i-d
focuses only on the protocol parts, but we have a separate technical
report at ftp://ftp.isi.edu/isi-pubs/tr-688.pdf that evaluates these
questions.

We would love feedback on either document.

thanks
-Zi Hu