Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
draft-dkgjsal-dprive-unilateral-probing-02
| Document | Type | Replaced Internet-Draft (dprive WG) | |
|---|---|---|---|
| Authors | Daniel Kahn Gillmor , Joey Salazar | ||
| Last updated | 2022-02-27 (Latest revision 2022-01-26) | ||
| Replaced by | draft-ietf-dprive-unilateral-probing | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
html
xml
htmlized
pdfized
bibtex
|
||
| Stream | WG state | Adopted by a WG | |
| Document shepherd | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-dprive-unilateral-probing | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-dkgjsal-dprive-unilateral-probing-02.txt
Abstract
This draft sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this draft can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The draft also introduces (but does not try to specify) the semantics of signalling that would permit defense against an active attacker. The goal of this draft is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.
Authors
Daniel Kahn Gillmor
Joey Salazar
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)