Skip to main content

Authentication and (D)TLS Profile for DNS-over-TLS and DNS-over-DTLS

Document Type Replaced Internet-Draft (dprive WG)
Authors Sara Dickinson , Daniel Kahn Gillmor , Tirumaleswar Reddy.K
Last updated 2016-01-12 (Latest revision 2015-12-23)
Replaced by RFC 8310
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text htmlized pdfized bibtex
Stream WG state Candidate for WG Adoption
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-dprive-dtls-and-tls-profiles
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


This document describes how a DNS client can use a domain name to authenticate a DNS server that uses Transport Layer Security (TLS) and Datagram TLS (DTLS). Additionally, it defines (D)TLS profiles for DNS clients and servers implementing DNS-over-TLS and DNS-over- DTLS.


Sara Dickinson
Daniel Kahn Gillmor
Tirumaleswar Reddy.K

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)