DNS Zone Transfer-over-TLS
draft-ietf-dprive-xfr-over-tls-09
Document history
Date | Rev. | By | Action |
---|---|---|---|
2021-04-08 | 09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Dan Romascanu |
2021-04-08 | 09 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Alexey Melnikov |
2021-04-08 | 09 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jouni Korhonen |
2021-04-06 | 09 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2021-04-06 | 09 | Amy Vezza | The following Last Call announcement was sent out (ends 2021-04-20): From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> CC: dns-privacy@ietf.org, dprive-chairs@ietf.org, draft-ietf-dprive-xfr-over-tls@ietf.org, evyncke@cisco.com, tjw.ietf@gmail.com Reply-To: last-call@ietf.org Sender: <iesg-secretary@ietf.org> Subject: Last Call: <draft-ietf-dprive-xfr-over-tls-09.txt> (DNS Zone Transfer-over-TLS) to Proposed Standard The IESG has received a request from the DNS PRIVate Exchange WG (dprive) to consider the following document: - 'DNS Zone Transfer-over-TLS' <draft-ietf-dprive-xfr-over-tls-09.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2021-04-20. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dprive-xfr-over-tls/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc6973: Privacy Considerations for Internet Protocols (Informational - Internet Architecture Board (IAB)) draft-ietf-dprive-rfc7626-bis: DNS Privacy Considerations (None - Internet Engineering Task Force (IETF)) rfc7626: DNS Privacy Considerations (Informational - Internet Engineering Task Force (IETF)) |
2021-04-06 | 09 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2021-04-06 | 09 | Éric Vyncke | Ballot writeup was changed |
2021-04-06 | 09 | Éric Vyncke | Last call was requested |
2021-04-06 | 09 | Éric Vyncke | Last call announcement was generated |
2021-04-06 | 09 | Éric Vyncke | Ballot approval text was generated |
2021-04-06 | 09 | Éric Vyncke | Ballot writeup was generated |
2021-04-06 | 09 | (System) | Changed action holders to Éric Vyncke (IESG state changed) |
2021-04-06 | 09 | Éric Vyncke | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2021-04-06 | 09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2021-04-06 | 09 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-09.txt |
2021-04-06 | 09 | (System) | New version approved |
2021-04-06 | 09 | (System) | Request for posting confirmation emailed to previous authors: Allison Mankin <allison.mankin@gmail.com>, Pallavi Aras <paras@salesforce.com>, Sara Dickinson <sara@sinodun.com>, Shivan Sahib <shivankaulsahib@gmail.com>, Willem Toorop <willem@nlnetlabs.nl> |
2021-04-06 | 09 | Sara Dickinson | Uploaded new revision |
2021-03-19 | 08 | Éric Vyncke | Revised I-D is probably required based on AD review: https://mailarchive.ietf.org/arch/msg/dns-privacy/xI2eTy9_qbfOLsi0sgKxPK0iRvc/ |
2021-03-19 | 08 | (System) | Changed action holders to Éric Vyncke, Sara Dickinson, Allison Mankin, Willem Toorop, Shivan Sahib, Pallavi Aras (IESG state changed) |
2021-03-19 | 08 | Éric Vyncke | IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2021-03-08 | 08 | Shivan Sahib | New version available: draft-ietf-dprive-xfr-over-tls-08.txt |
2021-03-08 | 08 | (System) | New version accepted (logged-in submitter: Shivan Sahib) |
2021-03-08 | 08 | Shivan Sahib | Uploaded new revision |
2021-03-04 | 07 | (System) | Changed action holders to Éric Vyncke (IESG state changed) |
2021-03-04 | 07 | Éric Vyncke | IESG state changed to AD Evaluation from Publication Requested |
2021-02-28 | 07 | Tim Wicinski | (1) RFC is Standards Track, and this is the correct RFC type. (2) Technical Summary: DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies the use of TLS, rather than clear text, to prevent zone content collection via passive monitoring of zone transfers: XFR-over-TLS (XoT). Additionally, this specification updates RFC1995, RFC5936 and RFC7766. Working Group Summary: There were several discussions during the working group process, but they were all resolved. Document Quality: The document was the result of different interpretations of the original RFC that cause some implementation issues. Section 14 points out there are several implementations that interact successfully. Personnel: Document Shepherd: Tim Wicinski Responsible Area Director: Éric Vyncke (3) The Document Shepherd did a detailed review of the document for content as well as simple editorial checks (spelling/grammar). The shepherd feels the document is ready for publication. (4) The Document Shepherd has no concerns on the depth or breadth of the reviews. (5) There is no need for broader review. (6) There are no concerns from the document shepherd. (7) No IPR disclosures (8) There is no IPR (9) The WG Consensus on this document is very solid. (10) There have been no appeals. (11) All nits found have been addressed by the authors. (12) No formal review needed (13) All references have been identified as normative or informative. (14) normative references draft-vcelak-nsec5 has expired and is a normative reference. (15) There are two downward normative references: RFC6973 and RFC7626. Both documents have been used as a downward reference previously. (16) This document will update RFC1995, RFC5936 and RFC7766, and it is in the abstract and the introduction. (17) N/A (18) N/A (19) N/A (20) No Yang Necessary |
2021-02-28 | 07 | Tim Wicinski | Responsible AD changed to Éric Vyncke |
2021-02-28 | 07 | Tim Wicinski | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2021-02-28 | 07 | Tim Wicinski | IESG state changed to Publication Requested from I-D Exists |
2021-02-28 | 07 | Tim Wicinski | IESG process started in state Publication Requested |
2021-02-28 | 07 | Tim Wicinski | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2021-02-16 | 07 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-07.txt |
2021-02-16 | 07 | (System) | New version accepted (logged-in submitter: Sara Dickinson) |
2021-02-16 | 07 | Sara Dickinson | Uploaded new revision |
2021-02-11 | 06 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-06.txt |
2021-02-11 | 06 | (System) | New version accepted (logged-in submitter: Sara Dickinson) |
2021-02-11 | 06 | Sara Dickinson | Uploaded new revision |
2021-01-21 | 05 | Tim Wicinski | Notification list changed to tjw.ietf@gmail.com because the document shepherd was set |
2021-01-21 | 05 | Tim Wicinski | Document shepherd changed to Tim Wicinski |
2021-01-21 | 05 | Tim Wicinski | IETF WG state changed to In WG Last Call from WG Document |
2021-01-20 | 05 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-05.txt |
2021-01-20 | 05 | (System) | New version approved |
2021-01-20 | 05 | (System) | Request for posting confirmation emailed to previous authors: Allison Mankin <allison.mankin@gmail.com>, Pallavi Aras <paras@salesforce.com>, Sara Dickinson <sara@sinodun.com>, Shivan Sahib <ssahib@salesforce.com>, Willem Toorop <willem@nlnetlabs.nl> |
2021-01-20 | 05 | Sara Dickinson | Uploaded new revision |
2020-11-23 | 04 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-04.txt |
2020-11-23 | 04 | (System) | New version accepted (logged-in submitter: Sara Dickinson) |
2020-11-23 | 04 | Sara Dickinson | Uploaded new revision |
2020-11-19 | 03 | Tim Wicinski | Added to session: IETF-109: dprive Fri-1600 |
2020-11-02 | 03 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-03.txt |
2020-11-02 | 03 | (System) | New version approved |
2020-11-02 | 03 | (System) | Request for posting confirmation emailed to previous authors: Allison Mankin <allison.mankin@gmail.com>, Willem Toorop <willem@nlnetlabs.nl>, Shivan Sahib <ssahib@salesforce.com>, Sara Dickinson <sara@sinodun.com>, Pallavi Aras <paras@salesforce.com> |
2020-11-02 | 03 | Sara Dickinson | Uploaded new revision |
2020-07-23 | 02 | Tim Wicinski | Added to session: IETF-108: dprive Fri-1410 |
2020-07-13 | 02 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-02.txt |
2020-07-13 | 02 | (System) | New version approved |
2020-07-13 | 02 | (System) | Request for posting confirmation emailed to previous authors: Han Zhang <hzhang@salesforce.com>, Willem Toorop <willem@nlnetlabs.nl>, Allison Mankin <allison.mankin@gmail.com>, Sara Dickinson <sara@sinodun.com>, dprive-chairs@ietf.org, Pallavi Aras <paras@salesforce.com> |
2020-07-13 | 02 | Sara Dickinson | Uploaded new revision |
2020-05-20 | 01 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-01.txt |
2020-05-20 | 01 | (System) | New version approved |
2020-05-20 | 01 | (System) | Request for posting confirmation emailed to previous authors: Pallavi Aras <paras@salesforce.com>, Sara Dickinson <sara@sinodun.com>, Han Zhang <hzhang@salesforce.com>, Allison Mankin <allison.mankin@gmail.com>, Willem Toorop <willem@nlnetlabs.nl> |
2020-05-20 | 01 | Sara Dickinson | Uploaded new revision |
2019-11-20 | 00 | Tim Wicinski | Changed consensus to Yes from Unknown |
2019-11-20 | 00 | Tim Wicinski | Intended Status changed to Proposed Standard from None |
2019-11-18 | 00 | Tim Wicinski | This document now replaces draft-hzpa-dprive-xfr-over-tls instead of None |
2019-11-18 | 00 | Sara Dickinson | New version available: draft-ietf-dprive-xfr-over-tls-00.txt |
2019-11-18 | 00 | (System) | WG -00 approved |
2019-11-18 | 00 | Sara Dickinson | Set submitter to "Sara Dickinson <sara@sinodun.com>", replaces to (none) and sent approval email to group chairs: dprive-chairs@ietf.org |
2019-11-18 | 00 | Sara Dickinson | Uploaded new revision |