Dprive Working Group                                              Z. Yan
Internet-Draft                                                   G. Geng
Intended status: Standards Track                                   CNNIC
Expires: July 23, 2020                                            Y. Liu
                                                                   CAICT
                                                        January 20, 2020

       Indication of Local DNS Privacy Service During User Access
              draft-yan-dprive-local-service-indication-01

Abstract

   This document aims to support the indication of the privacy service
   of a recursive resolver during user access.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 23, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  ICMPv6 based case
   3.  Other configuration cases
   4.  Security considerations
   5.  Normative References
   Authors' Addresses

1.  Introduction

   In order to enhance privacy protection in DNS, several solutions
   have been developed to support encrypted communication between
   stub and recursive resolvers, such as DNS-over-DTLS [RFC8094], DNS-
   over-TLS [RFC7858], DNS-over-QUIC and so on.  However, a scheme is
   needed that explicitly makes the user aware of the privacy service
   supported by the recursive resolver, so as to avoid blind attempts
   by the user and to help the user bootstrap the preferred privacy
   protocol more easily.  This can be achieved during the user's initial
   access, using extended DHCPv6 or ICMPv6 to configure its recursive
   resolver with the related information (only the IPv6 scenario is
   considered here).

2.  ICMPv6 based case

   The "Recursive DNS Server Option" is defined in [RFC8106] to support
   the user in configuring a DNS recursive resolver in IPv6 SLAAC mode.
   An x-bit flag in the Reserved field of the "Recursive DNS Server
   Option" can then be used to indicate the privacy service of the
   corresponding recursive resolver specified in the "Addresses of IPv6
   Recursive DNS Servers" field.  However, if this function is used,
   the "Addresses of IPv6 Recursive DNS Servers" field should contain
   only one recursive resolver address.  The size of "x" and how to
   specify the flag corresponding to the privacy service supported by
   the recursive resolver will be detailed further.

3.  Other configuration cases

   The procedures based on DHCPv6 or other configuration protocols
   [RFC3646] [RFC4339] will also be considered further.

4.  Security considerations

   TBA
5.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3646]  Droms, R., Ed., "DNS Configuration options for Dynamic
              Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
              DOI 10.17487/RFC3646, December 2003.

   [RFC4339]  Jeong, J., Ed., "IPv6 Host Configuration of DNS Server
              Information Approaches", RFC 4339, DOI 10.17487/RFC4339,
              February 2006.

   [RFC7858]  Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
              and P. Hoffman, "Specification for DNS over Transport
              Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858,
              May 2016.

   [RFC8094]  Reddy, T., Wing, D., and P. Patil, "DNS over Datagram
              Transport Layer Security (DTLS)", RFC 8094,
              DOI 10.17487/RFC8094, February 2017.

   [RFC8106]  Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
              "IPv6 Router Advertisement Options for DNS Configuration",
              RFC 8106, DOI 10.17487/RFC8106, March 2017.

Authors' Addresses

   Zhiwei Yan
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Beijing 100190
   China

   EMail: yan@cnnic.cn

   Guanggang Geng
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Beijing 100190
   China

   EMail: ggg@cnnic.cn

   Yang Liu
   CAICT
   No.52, Huayuanbeilu
   Beijing 100191
   China

   EMail: liuyang7@caict.ac.cn