Recursive to Authoritative DNS with Unauthenticated Encryption
draft-ietf-dprive-opportunistic-adotq-02
| Document | Type | Replaced Internet-Draft (dprive WG) | |
|---|---|---|---|
| Authors | Paul E. Hoffman , Peter van Dijk | ||
| Last updated | 2021-04-01 | ||
| Replaces | draft-pp-recursive-authoritative-opportunistic | ||
| Replaced by | draft-ietf-dprive-unauth-to-authoritative | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
|
||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-dprive-unauth-to-authoritative | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-ietf-dprive-opportunistic-adotq-02.txt
Abstract
This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports unauthenticated encryption using the same mechanism for discovery of encryption support for the server as [I-D.rescorla-dprive-adox-latest]. NOTE: The file name for this draft, draft-ietf-dprive-opportunistic- adotq, is now incorrect. This draft only covers unauthenticated encryption, not opportunistic encryption.
Authors
Paul E. Hoffman
Peter van Dijk
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)