IETF Logo Mail Archive

[rfc-dist] RFC 9539 on Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS

rfc-editor@rfc-editor.org Thu, 29 February 2024 00:02 UTC

Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: rfc-dist@ietfa.amsl.com
Delivered-To: rfc-dist@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85300C14F697; Wed, 28 Feb 2024 16:02:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.658
X-Spam-Level:
X-Spam-Status: No, score=-1.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fYcp2j1rarjJ; Wed, 28 Feb 2024 16:01:56 -0800 (PST)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51AE2C14F60D; Wed, 28 Feb 2024 16:01:56 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 410B819759CB; Wed, 28 Feb 2024 16:01:56 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, dns-privacy@ietf.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20240229000156.410B819759CB@rfcpa.amsl.com>
Date: Wed, 28 Feb 2024 16:01:56 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/rfc-dist/pYxbXYI-LrxwW9wetMdrnNdGGWU>
Subject: [rfc-dist] RFC 9539 on Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
X-BeenThere: rfc-dist@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RFC Announcements <rfc-dist.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/rfc-dist>, <mailto:rfc-dist-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rfc-dist/>
List-Post: <mailto:rfc-dist@rfc-editor.org>
List-Help: <mailto:rfc-dist-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist>, <mailto:rfc-dist-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Feb 2024 00:02:00 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 9539

        Title:      Unilateral Opportunistic Deployment of Encrypted 
                    Recursive-to-Authoritative DNS 
        Author:     D. K. Gillmor, Ed.,
                    J. Salazar, Ed.,
                    P. Hoffman, Ed.
        Status:     Experimental
        Stream:     IETF
        Date:       February 2024
        Mailbox:    dkg@fifthhorseman.net,
                    joeygsal@gmail.com,
                    paul.hoffman@icann.org
        Pages:      24
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-dprive-unilateral-probing-13.txt

        URL:        https://www.rfc-editor.org/info/rfc9539

        DOI:        10.17487/RFC9539

This document sets out steps that DNS servers (recursive resolvers
and authoritative servers) can take unilaterally (without any
coordination with other peers) to defend DNS query privacy against a
passive network monitor. The protections provided by the guidance in
this document can be defeated by an active attacker, but they should
be simpler and less risky to deploy than more powerful defenses.

The goal of this document is to simplify and speed up deployment of
opportunistic encrypted transport in the recursive-to-authoritative
hop of the DNS ecosystem. Wider easy deployment of the underlying
encrypted transport on an opportunistic basis may facilitate the
future specification of stronger cryptographic protections against
more-powerful attacks.

This document is a product of the DNS PRIVate Exchange Working Group of the IETF.


EXPERIMENTAL: This memo defines an Experimental Protocol for the
Internet community.  It does not specify an Internet standard of any
kind. Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC

v2.23.0 | Report a Bug | By Email