[Int-area] FW: I-D Action: draft-rafiee-intarea-cga-tsig-09.txt

"Hosnieh Rafiee" <ietf@rozanak.com> Fri, 04 July 2014 22:09 UTC

From: Hosnieh Rafiee <ietf@rozanak.com>
To: DNSOP@ietf.org, Int-area@ietf.org
Date: Sat, 05 Jul 2014 00:08:31 +0200
Archived-At: http://mailarchive.ietf.org/arch/msg/int-area/y8h5RVSmTspu-OizcNw_JMVmxlk
Subject: [Int-area] FW: I-D Action: draft-rafiee-intarea-cga-tsig-09.txt

Folks,

We removed a few editorial problems and applied the comments of some folks who sent their comments off-list.

I'll just briefly explain the purpose of this document.
- The name of this document is CGA-TSIG, but it does not mean that it only supports IPv6 or that it only uses CGA. The name was taken from the first versions of this draft and continued to appear in other versions (it is a symbolic name).
So at the moment this draft supports IPv6- and IPv4-enabled networks.
It uses two very similar algorithms for two different purposes: one only for secure DNS authentication and the automation of this process, and the other for both secure DNS authentication and DNS privacy and data encryption.
- For DNS privacy we only use public key cryptography to encrypt a 16-byte secret key and exchange it with other nodes. After that, a symmetric algorithm is used for the encryption of the whole DNS message.
It then adds a new header for the verifier node.

- In this version I also included a figure that shows the whole process for an example scenario (resolver to stub resolver DNS privacy and authentication).

We would love to receive your comments to improve this document.
The purpose of this document is to address the problems that exist with the current DNS mechanisms and also to provide a solution for DNS privacy without changing the DNS protocol.

Thank you,
Best,
Hosnieh
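A constructed sketch of the two-stage approach the message describes (a public key wraps a 16-byte secret, a symmetric cipher then covers the whole DNS message), added here as an example; it is not code from the draft or its authors, and RSA-OAEP, AES-128-GCM, the 2048-bit test key and the nonce||ciphertext layout are this example's assumptions, not the draft's choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Constructed sketch of the scheme the mail describes, not the draft's code: RSA-OAEP
// wraps a 16-byte secret, AES-128-GCM under it then covers the whole DNS message.
// NewKeyPair makes the peer's RSA key (constructed test material for this example).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// WrapSecret draws a fresh 16-byte secret and encrypts it to the peer's public key.
func WrapSecret(pub *rsa.PublicKey) (secret, wrapped []byte, err error) {
	secret = make([]byte, 16)
	if _, err = rand.Read(secret); err == nil {
		wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	}
	return secret, wrapped, err
}
// UnwrapSecret recovers the secret with the matching private key (receiver side).
func UnwrapSecret(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
}
// Session is the symmetric side; NewSession insists on a 16-byte (AES-128) secret.
type Session struct{ aead cipher.AEAD }
func NewSession(secret []byte) (*Session, error) {
	if len(secret) != 16 {
		return nil, errors.New("secret must be 16 bytes")
	}
	block, _ := aes.NewCipher(secret) // cannot fail once the length is checked
	aead, err := cipher.NewGCM(block)
	return &Session{aead}, err
}
// Seal encrypts and authenticates a whole DNS message as nonce||ciphertext (assumed layout).
func (s *Session) Seal(msg []byte) (sealed []byte, err error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err = rand.Read(nonce); err == nil {
		sealed = s.aead.Seal(nonce, nonce, msg, nil)
	}
	return sealed, err
}
// Open reverses Seal; a truncated or tampered message fails authentication.
func (s *Session) Open(sealed []byte) ([]byte, error) {
	if n := s.aead.NonceSize(); len(sealed) >= n {
		return s.aead.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("message shorter than nonce")
}
```

The length check in NewSession matters because aes.NewCipher would silently accept a 24- or 32-byte value a peer wrapped instead of the expected 16-byte secret.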


-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 
Sent: Friday, July 04, 2014 8:53 PM
To: i-d-announce@ietf.org
Subject: I-D Action: draft-rafiee-intarea-cga-tsig-09.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : CGA-TSIG/e: Algorithms for Secure DNS Authentication and DNS Confidentiality
        Authors         : Hosnieh Rafiee
                          Martin von Loewis
                          Christoph Meinel
        Filename        : draft-rafiee-intarea-cga-tsig-09.txt
        Pages           : 33
        Date            : 2014-07-04

Abstract:
   This document describes a new mechanism for secure DNS authentication
   and DNS data confidentiality. The purpose of this document is to
   reduce human interaction during different DNS scenarios such as the
   communications of resolvers to stub resolvers, recursive resolvers to
   Authoritative Name Server, Dynamic DNS updates, (especially updating
   PTR and FQDN records (RFC4703)) and zone transfers. This document
   supports both IPv4 and IPv6 enabled networks.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-rafiee-intarea-cga-tsig/

There's also an htmlized version available at:
http://tools.ietf.org/html/draft-rafiee-intarea-cga-tsig-09

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-rafiee-intarea-cga-tsig-09


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/