draft-ietf-dprive-dns-over-tls-06.txt | draft-ietf-dprive-dns-over-tls-07.txt | |||
---|---|---|---|---|
Network Working Group Z. Hu | Network Working Group Z. Hu | |||
Internet-Draft L. Zhu | Internet-Draft L. Zhu | |||
Intended status: Standards Track J. Heidemann | Intended status: Standards Track J. Heidemann | |||
Expires: August 25, 2016 USC/Information Sciences | Expires: September 2, 2016 USC/Information Sciences | |||
Institute | Institute | |||
A. Mankin | A. Mankin | |||
D. Wessels | D. Wessels | |||
Verisign Labs | Verisign Labs | |||
P. Hoffman | P. Hoffman | |||
ICANN | ICANN | |||
February 22, 2016 | March 1, 2016 | |||
Specification for DNS over TLS | Specification for DNS over TLS | |||
draft-ietf-dprive-dns-over-tls-06 | draft-ietf-dprive-dns-over-tls-07 | |||
Abstract | Abstract | |||
This document describes the use of TLS to provide privacy for DNS. | This document describes the use of TLS to provide privacy for DNS. | |||
Encryption provided by TLS eliminates opportunities for eavesdropping | Encryption provided by TLS eliminates opportunities for eavesdropping | |||
and on-path tampering with DNS queries in the network, such as | and on-path tampering with DNS queries in the network, such as | |||
discussed in [RFC7258]. In addition, this document specifies two | discussed in [RFC7258]. In addition, this document specifies two | |||
usage profiles for DNS-over-TLS and provides advice on performance | usage profiles for DNS-over-TLS and provides advice on performance | |||
considerations to minimize overhead from using TCP and TLS with DNS. | considerations to minimize overhead from using TCP and TLS with DNS. | |||
skipping to change at page 2, line 7 | skipping to change at page 2, line 8 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on August 25, 2016. | This Internet-Draft will expire on September 2, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 14, line 23 | skipping to change at page 14, line 23 | |||
The below individuals contributed significantly to the draft. The | The below individuals contributed significantly to the draft. The | |||
RFC Editor prefers a maximum of 5 names on the front page, and so we | RFC Editor prefers a maximum of 5 names on the front page, and so we | |||
have listed additional authors in this section. | have listed additional authors in this section. | |||
Sara Dickinson | Sara Dickinson | |||
Sinodun Internet Technologies | Sinodun Internet Technologies | |||
Magdalen Centre | Magdalen Centre | |||
Oxford Science Park | Oxford Science Park | |||
Oxford OX4 4GA | Oxford OX4 4GA | |||
UK | United Kingdom | |||
Email: sara@sinodun.com | Email: sara@sinodun.com | |||
URI: http://sinodun.com | URI: http://sinodun.com | |||
Daniel Kahn Gillmor | Daniel Kahn Gillmor | |||
ACLU | ACLU | |||
125 Broad Street, 18th Floor | 125 Broad Street, 18th Floor | |||
New York, NY 10004 | New York, NY 10004 | |||
USA | United States | |||
11. Acknowledgments | 11. Acknowledgments | |||
The authors would like to thank Stephane Bortzmeyer, John Dickinson, | The authors would like to thank Stephane Bortzmeyer, John Dickinson, | |||
Brian Haberman, Christian Huitema, Shumon Huque, Kim-Minh Kaplan, | Brian Haberman, Christian Huitema, Shumon Huque, Kim-Minh Kaplan, | |||
Simon Joseffson, Simon Kelley, Warren Kumari, John Levine, Ilari | Simon Joseffson, Simon Kelley, Warren Kumari, John Levine, Ilari | |||
Liusvaara, Bill Manning, George Michaelson, Eric Osterweil, Jinmei | Liusvaara, Bill Manning, George Michaelson, Eric Osterweil, Jinmei | |||
Tatuya, Tim Wicinski, and Glen Wiley for reviewing this Internet- | Tatuya, Tim Wicinski, and Glen Wiley for reviewing this Internet- | |||
draft. They also thank Nikita Somaiya for early work on this idea. | draft. They also thank Nikita Somaiya for early work on this idea. | |||
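Review bot: In the Acknowledgments context that trails this hunk, "Simon Joseffson" carries over unchanged in both versions; the name is normally spelled "Simon Josefsson", so fix it while the contributor block is being edited. In the changed entries above, Daniel Kahn Gillmor's address still has no Email line where Sara Dickinson's has one; add it or confirm the omission is intended.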
skipping to change at page 19, line 27 | skipping to change at page 19, line 27 | |||
If none of the SPKIs in the cryptographically-valid chain of certs | If none of the SPKIs in the cryptographically-valid chain of certs | |||
match any pin in the pinset, the client closes the connection with an | match any pin in the pinset, the client closes the connection with an | |||
error, and marks the IP address as failed. | error, and marks the IP address as failed. | |||
Authors' Addresses | Authors' Addresses | |||
Zi Hu | Zi Hu | |||
USC/Information Sciences Institute | USC/Information Sciences Institute | |||
4676 Admiralty Way, Suite 1133 | 4676 Admiralty Way, Suite 1133 | |||
Marina del Rey, CA 90292 | Marina del Rey, CA 90292 | |||
USA | United States | |||
Phone: +1 213 587-1057 | Phone: +1 213 587 1057 | |||
Email: zihu@usc.edu | Email: zihu@usc.edu | |||
Liang Zhu | Liang Zhu | |||
USC/Information Sciences Institute | USC/Information Sciences Institute | |||
4676 Admiralty Way, Suite 1133 | 4676 Admiralty Way, Suite 1133 | |||
Marina del Rey, CA 90292 | Marina del Rey, CA 90292 | |||
USA | United States | |||
Phone: +1 310 448-8323 | Phone: +1 310 448 8323 | |||
Email: liangzhu@usc.edu | Email: liangzhu@usc.edu | |||
John Heidemann | John Heidemann | |||
USC/Information Sciences Institute | USC/Information Sciences Institute | |||
4676 Admiralty Way, Suite 1001 | 4676 Admiralty Way, Suite 1001 | |||
Marina del Rey, CA 90292 | Marina del Rey, CA 90292 | |||
USA | United States | |||
Phone: +1 310 822-1511 | Phone: +1 310 822 1511 | |||
Email: johnh@isi.edu | Email: johnh@isi.edu | |||
Allison Mankin | Allison Mankin | |||
Verisign Labs | ||||
12061 Bluemont Way | ||||
Reston, VA 20190 | ||||
Phone: +1 703 948-3200 | Phone: +1 301 728 7198 | |||
Email: amankin@verisign.com | Email: Allison.mankin@gmail.com | |||
Duane Wessels | Duane Wessels | |||
Verisign Labs | Verisign Labs | |||
12061 Bluemont Way | 12061 Bluemont Way | |||
Reston, VA 20190 | Reston, VA 20190 | |||
United States | ||||
Phone: +1 703 948-3200 | Phone: +1 703 948 3200 | |||
Email: dwessels@verisign.com | Email: dwessels@verisign.com | |||
Paul Hoffman | Paul Hoffman | |||
ICANN | ICANN | |||
Email: paul.hoffman@icann.org | Email: paul.hoffman@icann.org | |||
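Review bot: The Allison Mankin entry is inconsistent with the rest of the document after this change. The -07 column moves it to "Allison.mankin@gmail.com", and the Verisign Labs organization and street lines show on one side only, yet the front-page header in both columns still lists A. Mankin in the group above "Verisign Labs"; update the header grouping or keep the affiliation. The capitalized local part also differs from every other address in the block, so lowercase it for consistency. The entry has no country line, while the other entries with a postal address now end in "United States".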
End of changes. 17 change blocks. | ||||
18 lines changed or deleted | 17 lines changed or added | |||