DNS over Datagram Transport Layer Security (DTLS)
draft-ietf-dprive-dnsodtls-15
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-02-23
|
15 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-02-15
|
15 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-02-09
|
15 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2017-02-01
|
15 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2017-01-31
|
15 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2017-01-23
|
15 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2017-01-23
|
15 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2017-01-20
|
15 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2017-01-17
|
15 | (System) | RFC Editor state changed to EDIT |
2017-01-17
|
15 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-01-17
|
15 | (System) | Announcement was received by RFC Editor |
2017-01-17
|
15 | (System) | IANA Action state changed to In Progress |
2017-01-17
|
15 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2017-01-17
|
15 | Amy Vezza | IESG has approved the document |
2017-01-17
|
15 | Amy Vezza | Closed "Approve" ballot |
2017-01-16
|
15 | Terry Manderson | RFC Editor Note was changed |
2017-01-16
|
15 | Terry Manderson | RFC Editor Note was changed |
2017-01-16
|
15 | Terry Manderson | RFC Editor Note for ballot was generated |
2017-01-16
|
15 | Terry Manderson | RFC Editor Note for ballot was generated |
2017-01-16
|
15 | Terry Manderson | Ballot writeup was changed |
2017-01-11
|
15 | Martin Stiemerling | Closed request for Telechat review by TSVART with state 'Overtaken by Events' |
2017-01-03
|
15 | Terry Manderson | RFC Editor Note for ballot was generated |
2016-12-29
|
15 | Amy Vezza | RFC Editor Note for ballot was generated |
2016-12-29
|
15 | Amy Vezza | Ballot approval text was generated |
2016-12-29
|
15 | Amy Vezza | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2016-12-27
|
15 | Terry Manderson | Note added 'This DTLS solution was considered by the DPRIVE working group as a potential option to use in case that the TLS based approach … Note added 'This DTLS solution was considered by the DPRIVE working group as a potential option to use in case that the TLS based approach specified in RFC7858 is shown to have detrimental deployment issues. At the time of writing, it was expected that RFC7858 will be deployed, and so this specification is primarily intended as a backup and has therefore been designated as experimental. This solution should not be deployed in the wild while in this experimental state as an RFC, however experimentation is encouraged.' |
2016-12-22
|
15 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'No Response' |
2016-12-16
|
15 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-15.txt |
2016-12-16
|
15 | (System) | New version approved |
2016-12-16
|
15 | (System) | Request for posting confirmation emailed to previous authors: "Prashanth Patil" , "Tirumaleswar Reddy" , "Dan Wing" |
2016-12-16
|
15 | Tirumaleswar Reddy.K | Uploaded new revision |
2016-12-16
|
14 | Stephen Farrell | [Ballot comment] Thanks for addressing my comments (and also for doing that speedily before I'd forgotten whatever it was I meant by them:-) S. |
2016-12-16
|
14 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to Yes from Discuss |
2016-12-15
|
14 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2016-12-15
|
14 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2016-12-15
|
14 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-14.txt |
2016-12-15
|
14 | (System) | New version approved |
2016-12-15
|
14 | (System) | Request for posting confirmation emailed to previous authors: "Prashanth Patil" , "Dan Wing" , "Tirumaleswar Reddy" , dprive-chairs@ietf.org |
2016-12-15
|
14 | Tirumaleswar Reddy.K | Uploaded new revision |
2016-12-15
|
13 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2016-12-15
|
13 | Kathleen Moriarty | [Ballot comment] I support both of Stephen's DISCUSS points. |
2016-12-15
|
13 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2016-12-15
|
13 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2016-12-14
|
13 | Joel Jaeggli | [Ballot comment] Eric Vyncke (evyncke) performed the opsdir review. |
2016-12-14
|
13 | Joel Jaeggli | Ballot comment text updated for Joel Jaeggli |
2016-12-14
|
13 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2016-12-14
|
13 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2016-12-14
|
13 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2016-12-14
|
13 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2016-12-14
|
13 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2016-12-14
|
13 | Ben Campbell | [Ballot comment] Update: Looks like the address for Dan Wing needs to be updated. -1: Is TCP head of line blocking considered a problem between … [Ballot comment] Update: Looks like the address for Dan Wing needs to be updated. -1: Is TCP head of line blocking considered a problem between the client and cacheing resolver? Otherwise, between that and the potential to use TCP fast open, the motivation for not just using TLS seems weak (which may not be a problem for an experimental RFC.) - 3.1: "DNS clients and servers MUST NOT use port 853 to transport cleartext DNS messages. " Am I correct to assume that this requirement is really about clients and servers that do not implement this spec? While I see the point, how would such a client or server even know about the restriction? |
2016-12-14
|
13 | Ben Campbell | Ballot comment text updated for Ben Campbell |
2016-12-14
|
13 | Ben Campbell | [Ballot comment] -1: Is TCP head of line blocking considered a problem between the client and cacheing resolver? Otherwise, between that and the potential to … [Ballot comment] -1: Is TCP head of line blocking considered a problem between the client and cacheing resolver? Otherwise, between that and the potential to use TCP fast open, the motivation for not just using TLS seems weak (which may not be a problem for an experimental RFC.) - 3.1: "DNS clients and servers MUST NOT use port 853 to transport cleartext DNS messages. " Am I correct to assume that this requirement is really about clients and servers that do not implement this spec? While I see the point, how would such a client or server even know about the restriction? |
2016-12-14
|
13 | Ben Campbell | [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell |
2016-12-14
|
13 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2016-12-13
|
13 | Spencer Dawkins | [Ballot comment] Thanks for the careful treatment of transport topics in this specification. |
2016-12-13
|
13 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2016-12-13
|
13 | Stephen Farrell | [Ballot discuss] I have two discuss points to chat about before I ballot yes for this: (1) I think it'd be good to make the … [Ballot discuss] I have two discuss points to chat about before I ballot yes for this: (1) I think it'd be good to make the nature of this RFC clear in the document, so that folks don't get confused and implement this now, when we think they ought be using TLS for stub to recursive privacy. I'd suggest maybe adding a note here (possibly an IESG note, or just more text before 1.1, whatever), that says something like: "This DTLS solution was considered by the DPRIVE working group as an option to use in case the TLS based approach specified in RFC7858 turns out to have some issues when deployed. At the time of writing, it is expected that RFC7858 is what will be deployed, and so this specification is mainly intended as a backup." Note that while text like that may also end up in the profiles document, I still think it may be useful here as well. (2) Section 4: No mention of OCSP stapling? And come to think of it, how would non-stapled OCSP even work? And since I've now thought of it, how will OCSP work with RFC7858? Does this (and 7858) need to mandate stapling or no revocation checking via OCSP at all? (Apologies for not asking about that when we were processing 7858;-) |
2016-12-13
|
13 | Stephen Farrell | [Ballot comment] - 3.3: What does "of the order of several seconds" mean? If you mean O(10s) then why not say that? - 3.3: Is … [Ballot comment] - 3.3: What does "of the order of several seconds" mean? If you mean O(10s) then why not say that? - 3.3: Is figure 1 really needed? There's no longer any meaningful reference to it from the text. (I forget if there once was.) - To try answer Benoit's comment: I think that this is a part of the overall DPRIVE experiment, so it's a little hard to say exactly how this document alone constitutes a useful experiment. But see also my discuss point#1. |
2016-12-13
|
13 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2016-12-12
|
13 | Benoît Claise | [Ballot comment] Under which conditions do we know that this experiment will be successful? Anything worth nothing? As an example of a similar RFC, see … [Ballot comment] Under which conditions do we know that this experiment will be successful? Anything worth nothing? As an example of a similar RFC, see https://tools.ietf.org/html/rfc7360#section-1.3 |
2016-12-12
|
13 | Benoît Claise | Ballot comment text updated for Benoit Claise |
2016-12-12
|
13 | Benoît Claise | [Ballot comment] Under which conditions do we know that this experiment will be successful? |
2016-12-12
|
13 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2016-12-12
|
13 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Eric Vyncke. |
2016-12-12
|
13 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2016-12-12
|
13 | Mirja Kühlewind | [Ballot comment] Regarding the shepherd write-up: There is no requirement for an implementation section. There is a recommendation to have one, to track implementations efforts … [Ballot comment] Regarding the shepherd write-up: There is no requirement for an implementation section. There is a recommendation to have one, to track implementations efforts during the draft's live-time, but such a section is usually removed on publication as RFC as this information easily out-dates. There is another recommendation to have a section explaining the goals and/or next steps after the end of a (successful) experiment. I personally don't think this is required here, given that I understand the experiment is to figure out if this will be adopted (given there is stable reference). One small question on the text in the draft: "For the client, state should be destroyed when disconnecting from the network (e.g., associated IP interface is brought down). " Does this mean all state including state used for session resumption? |
2016-12-12
|
13 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2016-12-12
|
13 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2016-12-12
|
13 | Terry Manderson | IESG state changed to IESG Evaluation from Waiting for Writeup |
2016-12-12
|
13 | Terry Manderson | Changed consensus to Yes from Unknown |
2016-12-12
|
13 | Terry Manderson | Ballot has been issued |
2016-12-12
|
13 | Terry Manderson | [Ballot Position Update] New position, Yes, has been recorded for Terry Manderson |
2016-12-12
|
13 | Terry Manderson | Created "Approve" ballot |
2016-12-12
|
13 | Terry Manderson | Ballot writeup was changed |
2016-12-08
|
13 | Jouni Korhonen | Request for Telechat review by GENART Completed: Ready. Reviewer: Jouni Korhonen. Sent review to list. |
2016-12-08
|
13 | Jean Mahoney | Request for Telechat review by GENART is assigned to Jouni Korhonen |
2016-12-08
|
13 | Jean Mahoney | Request for Telechat review by GENART is assigned to Jouni Korhonen |
2016-12-02
|
13 | Martin Stiemerling | Request for Telechat review by TSVART is assigned to Allison Mankin |
2016-12-02
|
13 | Martin Stiemerling | Request for Telechat review by TSVART is assigned to Allison Mankin |
2016-11-30
|
13 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2016-11-30
|
13 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-13.txt |
2016-11-30
|
13 | (System) | New version approved |
2016-11-30
|
13 | (System) | Request for posting confirmation emailed to previous authors: "Prashanth Patil" , "Tirumaleswar Reddy" , "Dan Wing" |
2016-11-30
|
13 | Tirumaleswar Reddy.K | Uploaded new revision |
2016-11-17
|
12 | Jouni Korhonen | Request for Last Call review by GENART Completed: Ready. Reviewer: Jouni Korhonen. |
2016-11-16
|
12 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2016-11-14
|
12 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2016-11-14
|
12 | Sabrina Tanamal | (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-dprive-dnsodtls-12.txt, which is currently in Last Call, and has the following comments: We … (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-dprive-dnsodtls-12.txt, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal IANA Services Specialist PTI |
2016-11-03
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Jouni Korhonen |
2016-11-03
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Jouni Korhonen |
2016-11-03
|
12 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Dan Harkins |
2016-11-03
|
12 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Dan Harkins |
2016-11-03
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Eric Vyncke |
2016-11-03
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Eric Vyncke |
2016-11-02
|
12 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2016-11-02
|
12 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: tjw.ietf@gmail.com, draft-ietf-dprive-dnsodtls@ietf.org, dprive-chairs@ietf.org, dns-privacy@ietf.org, "Tim Wicinski" , … The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: tjw.ietf@gmail.com, draft-ietf-dprive-dnsodtls@ietf.org, dprive-chairs@ietf.org, dns-privacy@ietf.org, "Tim Wicinski" , terry.manderson@icann.org Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Specification for DNS over Datagram Transport Layer Security (DTLS)) to Experimental RFC The IESG has received a request from the DNS PRIVate Exchange WG (dprive) to consider the following document: - 'Specification for DNS over Datagram Transport Layer Security (DTLS)' as Experimental RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-11-16. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information which is valuable to protect. This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce DTLS handshake size. The proposed mechanism runs over port 853. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/ballot/ No IPR declarations have been submitted directly on this I-D. |
2016-11-02
|
12 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2016-11-02
|
12 | Amy Vezza | Last call announcement was changed |
2016-11-01
|
12 | Terry Manderson | Placed on agenda for telechat - 2016-12-15 |
2016-11-01
|
12 | Terry Manderson | Last call was requested |
2016-11-01
|
12 | Terry Manderson | Ballot approval text was generated |
2016-11-01
|
12 | Terry Manderson | Ballot writeup was generated |
2016-11-01
|
12 | Terry Manderson | IESG state changed to Last Call Requested from AD Evaluation |
2016-11-01
|
12 | Terry Manderson | Last call announcement was generated |
2016-10-17
|
12 | Terry Manderson | IESG state changed to AD Evaluation from Publication Requested |
2016-10-05
|
12 | Tim Wicinski | 1. Summary Document Shepherd: Tim Wicinski Area Director: Terry Manderson Document Type: Experimental This document proposes the use of Datagram Transport … 1. Summary Document Shepherd: Tim Wicinski Area Director: Terry Manderson Document Type: Experimental This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce DTLS handshake size. The working group chose Experimental over Proposed Standard because the authors have indicated they are not willing to attempt implemntating this, nor have they attempted to find anyone to implement this. While the working group confirmed publication, this document shepherd (and working group co-chair) is conflicted. The lack of implementation anytime in the near future means this will get published but never actually used. While the working group does not see this as a problem, I feel it sets a bad precedent. 2. Review and Consensus The document was reviewed very heavily by the working group, and c compared to the previous document DNS-over TLS https://datatracker.ietf.org/doc/rfc7858/ The working group made several requests which the authors performed. The biggest one was the removal of the Authenication profiles and placed in a separate document draft-ietf-dprive-dtls-and-tls- profiles which is currently working through the working group and is slated for last call. The consensus was positive on adopting and publishing this draft, and the working group did not have many comments about the lack of 3. Intellectual Property The authors stated that their direct, personal knowledge of any IPR related to this document has already been disclosed. 4. Other Points There are no downward references in this document. Currently, the document lists ietf-dprive-dtls-and-tls-profiles as an Informative Reference, but lists it as a MUST in section 3.2. Because of this, the shepherd feels this could be listed as a normative reference, though the document is Experimental. There is currently no Implementation Section, as needed for Experimental drafts. The authors have stated they will not attempt any implementations. IANA Considerations: There are no IANA Considerations Checklist: - Does the shepherd stand behind the document and think the document is ready for publication? X - Is the correct RFC type indicated in the title page header? X - Is the abstract both brief and sufficient, and does it stand alone as a brief summary? X - Is the intent of the document accurately and adequately explained in the introduction? X - Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed? X - Has the shepherd performed automated checks -- idnits X - Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79? X - Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified? X - Are all normative references made to documents that are ready for advancement and are otherwise in a clear state? X - If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction? X - If this is a "bis" document, have all of the errata been considered? |
2016-10-05
|
12 | Tim Wicinski | Responsible AD changed to Terry Manderson |
2016-10-05
|
12 | Tim Wicinski | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2016-10-05
|
12 | Tim Wicinski | IESG state changed to Publication Requested |
2016-10-05
|
12 | Tim Wicinski | IESG process started in state Publication Requested |
2016-10-05
|
12 | Tim Wicinski | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2016-09-08
|
12 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-12.txt |
2016-09-08
|
11 | Tim Wicinski | Changed document writeup |
2016-09-01
|
11 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-11.txt |
2016-08-16
|
10 | Warren Kumari | IETF WG state changed to In WG Last Call from WG Document |
2016-08-16
|
10 | Warren Kumari | Tag Revised I-D Needed - Issue raised by WGLC set. |
2016-08-16
|
10 | Warren Kumari | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2016-08-16
|
10 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-10.txt |
2016-08-11
|
09 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-09.txt |
2016-07-28
|
08 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-08.txt |
2016-07-06
|
07 | Prashanth Patil | New version available: draft-ietf-dprive-dnsodtls-07.txt |
2016-04-06
|
06 | Tim Wicinski | Notification list changed to "Tim Wicinski" <tjw.ietf@gmail.com> |
2016-04-06
|
06 | Tim Wicinski | Document shepherd changed to Tim Wicinski |
2016-04-04
|
06 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-06.txt |
2016-03-15
|
05 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-05.txt |
2016-01-21
|
04 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-04.txt |
2015-11-24
|
03 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-03.txt |
2015-11-02
|
02 | Tim Wicinski | Intended Status changed to Experimental from None |
2015-10-18
|
02 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-02.txt |
2015-06-04
|
01 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-01.txt |
2015-06-03
|
00 | Tim Wicinski | This document now replaces draft-wing-dprive-dnsodtls instead of None |
2015-06-03
|
00 | Tirumaleswar Reddy.K | New version available: draft-ietf-dprive-dnsodtls-00.txt |