DNS Server Privacy Statement and Filtering Policy with Assertion Token

Document Type Replaced Internet-Draft (individual)
Authors Tirumaleswar Reddy.K  , Dan Wing  , Michael Richardson  , Mohamed Boucadair 
Last updated 2020-03-03
Replaced by draft-reddy-add-server-policy-selection
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-reddy-add-server-policy-selection
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Users may want to control how their DNS queries are handled by DNS servers so they can configure their system to use DNS servers that comply with their privacy and DNS filtering expectations. This document defines a mechanism for a DNS server to communicate its privacy statement URL and filtering policy to a DNS client. This communication is cryptographically signed to attest its authenticity. By evaluating the DNS privacy statement, filtering policy and the signatory, the user can choose a DNS server that best supports his/ her desired privacy and filtering policy. This token is particularly useful for DNS-over-TLS and DNS-over-HTTPS servers that are either public resolvers or are discovered on a local network.


Tirumaleswar Reddy.K (kondtir@gmail.com)
Dan Wing (dwing-ietf@fuggles.com)
Michael Richardson (mcr+ietf@sandelman.ca)
Mohamed Boucadair (mohamed.boucadair@orange.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)