> On Oct 2, 2015, at 1:09 AM, Simon Josefsson <[email protected]> wrote: > >>> I believe the abstract or introduction section should mention that >>> TLS gives you data integrity services, which protects against >>> on-path tampering. Right now the document talks about encryption >>> to protect against eavesdropping. However, the RFC 7258 pervasive >>> monitoring attack includes active attacks and thus I believe >>> talking about integrity is useful to set the context right. >> >> I've added a short sentence to the abstract: >> >> @@ -169,7 +169,9 @@ >> This document describes the use of TLS to provide privacy >> for DNS. Encryption provided by TLS eliminates opportunities >> for eavesdropping on DNS queries in the network, such as >> - discussed in RFC 7258. In addition, this document specifies >> + discussed in RFC 7258. >> + TLS also protects against on-path tampering. >> + In addition, this document specifies >> two usage profiles for DNS-over-TLS and provides advice on >> performance considerations to minimize overhead from using >> TCP and TLS with DNS. > > Hi Duane. Thank you. 7258 also talks about active attacks. So > maybe it reads better to say: > > Encryption provided by TLS eliminates opportunities for eavesdropping > and on-path tampering with DNS queries in the network, such as > discussed in RFC 7258.
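Review bot: In the added lines, "TLS also protects against on-path tampering." comes after the sentence that ends with the RFC 7258 citation, so the reference now reads as covering eavesdropping only, and the new sentence does not say what is protected (the preceding sentence names DNS queries). Consider folding tampering into the preceding sentence so the RFC 7258 reference covers both threats. Since the same paragraph goes on to introduce two usage profiles, it is also worth checking that the unqualified claim holds for both of them.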
Thanks, this change has been made. DW
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
