Usage Profiles for DNS over TLS and DNS over DTLS

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc:, The IESG <>, Tim Wicinski <>,,,,,
Subject: Protocol Action: 'Usage and (D)TLS Profiles for DNS-over-(D)TLS' to Proposed Standard (draft-ietf-dprive-dtls-and-tls-profiles-11.txt)

The IESG has approved the following document:
- 'Usage and (D)TLS Profiles for DNS-over-(D)TLS'
  (draft-ietf-dprive-dtls-and-tls-profiles-11.txt) as Proposed Standard

This document is the product of the DNS PRIVate Exchange Working Group.

The IESG contact persons are Suresh Krishnan and Terry Manderson.

A URL of this Internet Draft is:

Technical Summary

   This document discusses Usage Profiles, based on one or more
   authentication mechanisms, which can be used for DNS over Transport
   Layer Security (TLS) or Datagram TLS (DTLS).  This document also
   specifies new authentication mechanisms - it describes several ways a
   DNS client can use an authentication domain name to authenticate a
   DNS server.  Additionally, it defines (D)TLS profiles for DNS clients
   and servers implementing DNS-over-(D)TLS.

Working Group Summary

  The working group spent much time working through all the different
  authentication mechanisms, primarily making sure that the DNS-over-TLS
  and DNS-over-DTLS profiles were accurate, which were held up
  waiting for the DNS-over-DTLS draft to be moved forward.

Document Quality

   Document is of good quality.  It has been through both normative review
as well as editorial review and the shepherd feels it is worthy of


Document Shepherd:  Tim Wicinski
Area Director:  Terry Manderson