(1) RFC is Standards Track, and this is the correct RFC type.
DNS zone transfers are transmitted in clear text, which gives
attackers the opportunity to collect the content of a zone by
eavesdropping on network connections. The DNS Transaction Signature
(TSIG) mechanism is specified to restrict direct zone transfer to
authorized clients only, but it does not add confidentiality. This
document specifies the use of TLS, rather than clear text, to prevent
zone content collection via passive monitoring of zone transfers:
XFR-over-TLS (XoT). Additionally, this specification updates
RFC1995, RFC5936 and RFC7766.
Working Group Summary:
There were several discussions during the working group process,
but they were all resolved.
The document was the result of different interpretations of the original
RFC that caused some implementation issues. Section 14 points out there are
several implementations that interact successfully.
Document Shepherd: Tim Wicinski
Responsible Area Director: Éric Vyncke
(3) The Document Shepherd did a detailed review of the document
for content as well as simple editorial checks (spelling/grammar).
The shepherd feels the document is ready for publication.
(4) The Document Shepherd has no concerns on the depth or breadth
of the reviews.
(5) There is no need for broader review.
(6) There are no concerns from the document shepherd.
(7) No IPR disclosures
(8) There is no IPR
(9) The WG Consensus on this document is very solid.
(10) There have been no appeals.
(11) All nits found have been addressed by the authors.
(12) No formal review needed
(13) All references have been identified as normative or informative.
(14) draft-vcelak-nsec5 is a normative reference and has expired.
(15) There are two downward normative references: RFC6973 and RFC7626.
Both documents have been used as a downward reference previously.
(16) This document will update RFC1995, RFC5936 and RFC7766, and it is in the abstract and the
(20) No YANG necessary