[secdir] [new-work] WG Review: Adaptive DNS Discovery (add)
The IESG <iesg@ietf.org> Fri, 07 February 2020 17:20 UTC

A new IETF WG has been proposed in the Applications and Real-Time Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2020-02-17.

Adaptive DNS Discovery (add)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  David Lawrence <tale@dd.org>
  Glenn Deen <rgd.ietf@gmail.com>

Assigned Area Director:
  Barry Leiba <barryleiba@computer.org>

Applications and Real-Time Area Directors:
  Adam Roach <adam@nostrum.com>
  Alexey Melnikov <aamelnikov@fastmail.fm>
  Barry Leiba <barryleiba@computer.org>

Mailing list:
  Address: add@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/add
  Archive: https://mailarchive.ietf.org/arch/browse/add/

Group page: https://datatracker.ietf.org/group/add/

Charter: https://datatracker.ietf.org/doc/charter-ietf-add/

Adaptive DNS Discovery (ADD)
====================================
Proposed Working Group Charter

Sending DNS messages over encrypted transports, as defined in DNS over TLS (DoT) [RFC 7858] and DNS over HTTPS (DoH) [RFC 8484], provides benefits to the security and privacy of DNS data. Clients, such as applications and host operating systems, have started adopting these protocols to provide these user benefits.

This working group will focus on discovery and selection of DNS resolvers by DNS clients in a variety of networking environments, including public networks, private networks, and VPNs, supporting both encrypted and unencrypted resolvers. It is chartered solely to develop technical mechanisms. Making any recommendations about specific policies for clients or servers is out of scope.

Clients adopting encrypted DNS protocols need to determine which DNS servers support those protocols, and which server to use for specific queries if multiple servers are available. These decisions can vary based on the network environment, and also based on the content and purpose of the client queries.

Network operators that start offering DNS encryption on their servers also need a way to indicate this support to clients. Communicating information about resolver configuration and behavior allows clients to make more informed decisions about which DNS servers to use. For example, a resolver may be able to resolve private or local names as a split DNS server.

The Adaptive DNS Discovery (ADD) working group will work on the following deliverables:

- Define a mechanism that allows clients to discover DNS resolvers that support encryption and that are available to the client either on the public Internet or on private or local networks.

- Define a mechanism that allows communication of DNS resolver information to clients for use in selection decisions. This could be part of the mechanism used for discovery, above.

- Develop an informational document that describes mechanisms for clients to detect specific network environments (such as captive portal and split horizon) and to use that information to inform their DNS configuration.

This working group will coordinate with dnsop, doh, and dprive for any changes required in DNS protocols and will make sure that those groups are included in major document reviews at appropriate times. It will also work with capport to ensure that solutions are applicable to captive networks.

Milestones:

TBD

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work