Diff: draft-ietf-dprive-dns-over-tls-06.txt - draft-ietf-dprive-dns-over-tls-07.txt

	< draft-ietf-dprive-dns-over-tls-06.txt	draft-ietf-dprive-dns-over-tls-07.txt >

	Network Working Group Z. Hu	Network Working Group Z. Hu
	Internet-Draft L. Zhu	Internet-Draft L. Zhu
	Intended status: Standards Track J. Heidemann	Intended status: Standards Track J. Heidemann

	Expires: August 25, 2016 USC/Information Sciences	Expires: September 2, 2016 USC/Information Sciences
	Institute	Institute
	A. Mankin	A. Mankin


	D. Wessels	D. Wessels
	Verisign Labs	Verisign Labs
	P. Hoffman	P. Hoffman
	ICANN	ICANN

	February 22, 2016	March 1, 2016

	Specification for DNS over TLS	Specification for DNS over TLS

	draft-ietf-dprive-dns-over-tls-06	draft-ietf-dprive-dns-over-tls-07

	Abstract	Abstract

	This document describes the use of TLS to provide privacy for DNS.	This document describes the use of TLS to provide privacy for DNS.
	Encryption provided by TLS eliminates opportunities for eavesdropping	Encryption provided by TLS eliminates opportunities for eavesdropping
	and on-path tampering with DNS queries in the network, such as	and on-path tampering with DNS queries in the network, such as
	discussed in [RFC7258]. In addition, this document specifies two	discussed in [RFC7258]. In addition, this document specifies two
	usage profiles for DNS-over-TLS and provides advice on performance	usage profiles for DNS-over-TLS and provides advice on performance
	considerations to minimize overhead from using TCP and TLS with DNS.	considerations to minimize overhead from using TCP and TLS with DNS.


	skipping to change at page 2, line 7 ¶	skipping to change at page 2, line 8 ¶
	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.	Drafts is at http://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on August 25, 2016.	This Internet-Draft will expire on September 2, 2016.

	Copyright Notice	Copyright Notice

	Copyright (c) 2016 IETF Trust and the persons identified as the	Copyright (c) 2016 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of	(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents

	skipping to change at page 14, line 23 ¶	skipping to change at page 14, line 23 ¶

	The below individuals contributed significantly to the draft. The	The below individuals contributed significantly to the draft. The
	RFC Editor prefers a maximum of 5 names on the front page, and so we	RFC Editor prefers a maximum of 5 names on the front page, and so we
	have listed additional authors in this section.	have listed additional authors in this section.

	Sara Dickinson	Sara Dickinson
	Sinodun Internet Technologies	Sinodun Internet Technologies
	Magdalen Centre	Magdalen Centre
	Oxford Science Park	Oxford Science Park
	Oxford OX4 4GA	Oxford OX4 4GA

	UK	United Kingdom
	Email: sara@sinodun.com	Email: sara@sinodun.com
	URI: http://sinodun.com	URI: http://sinodun.com

	Daniel Kahn Gillmor	Daniel Kahn Gillmor
	ACLU	ACLU
	125 Broad Street, 18th Floor	125 Broad Street, 18th Floor
	New York, NY 10004	New York, NY 10004

	USA	United States

	11. Acknowledgments	11. Acknowledgments

	The authors would like to thank Stephane Bortzmeyer, John Dickinson,	The authors would like to thank Stephane Bortzmeyer, John Dickinson,
	Brian Haberman, Christian Huitema, Shumon Huque, Kim-Minh Kaplan,	Brian Haberman, Christian Huitema, Shumon Huque, Kim-Minh Kaplan,
	Simon Joseffson, Simon Kelley, Warren Kumari, John Levine, Ilari	Simon Joseffson, Simon Kelley, Warren Kumari, John Levine, Ilari
	Liusvaara, Bill Manning, George Michaelson, Eric Osterweil, Jinmei	Liusvaara, Bill Manning, George Michaelson, Eric Osterweil, Jinmei
	Tatuya, Tim Wicinski, and Glen Wiley for reviewing this Internet-	Tatuya, Tim Wicinski, and Glen Wiley for reviewing this Internet-
	draft. They also thank Nikita Somaiya for early work on this idea.	draft. They also thank Nikita Somaiya for early work on this idea.


	skipping to change at page 19, line 27 ¶	skipping to change at page 19, line 27 ¶
	If none of the SPKIs in the cryptographically-valid chain of certs	If none of the SPKIs in the cryptographically-valid chain of certs
	match any pin in the pinset, the client closes the connection with an	match any pin in the pinset, the client closes the connection with an
	error, and marks the IP address as failed.	error, and marks the IP address as failed.

	Authors' Addresses	Authors' Addresses

	Zi Hu	Zi Hu
	USC/Information Sciences Institute	USC/Information Sciences Institute
	4676 Admiralty Way, Suite 1133	4676 Admiralty Way, Suite 1133
	Marina del Rey, CA 90292	Marina del Rey, CA 90292

	USA	United States


	Phone: +1 213 587-1057	Phone: +1 213 587 1057
	Email: zihu@usc.edu	Email: zihu@usc.edu

	Liang Zhu	Liang Zhu
	USC/Information Sciences Institute	USC/Information Sciences Institute
	4676 Admiralty Way, Suite 1133	4676 Admiralty Way, Suite 1133
	Marina del Rey, CA 90292	Marina del Rey, CA 90292

	USA	United States


	Phone: +1 310 448-8323	Phone: +1 310 448 8323
	Email: liangzhu@usc.edu	Email: liangzhu@usc.edu

	John Heidemann	John Heidemann
	USC/Information Sciences Institute	USC/Information Sciences Institute
	4676 Admiralty Way, Suite 1001	4676 Admiralty Way, Suite 1001
	Marina del Rey, CA 90292	Marina del Rey, CA 90292

	USA	United States


	Phone: +1 310 822-1511	Phone: +1 310 822 1511
	Email: johnh@isi.edu	Email: johnh@isi.edu
	Allison Mankin	Allison Mankin

	Verisign Labs
	12061 Bluemont Way
	Reston, VA 20190


	Phone: +1 703 948-3200	Phone: +1 301 728 7198
	Email: amankin@verisign.com	Email: Allison.mankin@gmail.com

	Duane Wessels	Duane Wessels
	Verisign Labs	Verisign Labs
	12061 Bluemont Way	12061 Bluemont Way
	Reston, VA 20190	Reston, VA 20190

		United States


	Phone: +1 703 948-3200	Phone: +1 703 948 3200
	Email: dwessels@verisign.com	Email: dwessels@verisign.com

	Paul Hoffman	Paul Hoffman
	ICANN	ICANN

	Email: paul.hoffman@icann.org	Email: paul.hoffman@icann.org

End of changes. 17 change blocks.
	18 lines changed or deleted	17 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/