Skip to main content

Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
draft-ietf-dprive-unilateral-probing-13

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, brian@innovationslab.net, dns-privacy@ietf.org, dprive-chairs@ietf.org, draft-ietf-dprive-unilateral-probing@ietf.org, evyncke@cisco.com, rfc-editor@rfc-editor.org, tjw.ietf@gmail.com
Subject: Document Action: 'Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS' to Experimental RFC (draft-ietf-dprive-unilateral-probing-13.txt)

The IESG has approved the following document:
- 'Unilateral Opportunistic Deployment of Encrypted Recursive-to-
   Authoritative DNS'
  (draft-ietf-dprive-unilateral-probing-13.txt) as Experimental RFC

This document is the product of the DNS PRIVate Exchange Working Group.

The IESG contact persons are Erik Kline and Éric Vyncke.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/


Ballot Text

Technical Summary

   This document sets out steps that DNS servers (recursive resolvers
   and authoritative servers) can take unilaterally (without any
   coordination with other peers) to defend DNS query privacy against a
   passive network monitor.  The steps in this document can be defeated
   by an active attacker, but should be simpler and less risky to deploy
   than more powerful defenses.

   The goal of this document is to simplify and speed deployment of
   opportunistic encrypted transport in the recursive-to-authoritative
   hop of the DNS ecosystem.  Wider easy deployment of the underlying
   transport on an opportunistic basis may facilitate the future
   specification of stronger cryptographic protections against more
   powerful attacks.

Working Group Summary

As this document defines new features for DNS message exchanges, there was some
controversy around the potential impact to certain types of DNS servers (e.g.,
distributed authoritative servers). Due to those concerns, the document
describes a set of measurements to be collected once the document is published
as an RFC. Those measurements will allow the WG to determine the overall
operational impact of this type of probing on DNS services supporting this
specification.

Document Quality

This document contains a list of current implementations per RFC 7942.

It has also been reviewed by several directorates (DNS and OPS), leading to some changes.

Personnel

   The Document Shepherd for this document is Brian Haberman. The
   Responsible Area Director is Éric Vyncke.

RFC Editor Note