Hi,

Since I received comments that the problem explained in the draft is still not so clear, I re-organized it and focused on the problem statement. If I compared this draft with other approaches, it is only to give you an idea of how it can protect the last mile of the Internet where DNSSEC or other approaches cannot do it easily, especially for IPv6. Since I am no longer convinced about DNS confidentiality unless the surveillance actor has no access to other flows without sniffing DNS flows (or he needs to use DNS flows as a helper to do this sniffing), I put encryption as an optional case that this draft can support.
So the main focus is authentication of scenarios that are at the moment not supported by other mechanisms. I welcome any comments or suggestions.

Thanks,
Best,
Hosnieh

A new version of I-D, draft-rafiee-intarea-cga-tsig-10.txt has been successfully submitted by Hosnieh Rafiee and posted to the IETF repository.

Name: draft-rafiee-intarea-cga-tsig
Revision: 10
Title: CGA-TSIG/e: Algorithms for Secure DNS Authentication and Optional DNS Confidentiality
Document date: 2014-08-25
Group: Individual Submission
Pages: 37
URL: http://www.ietf.org/internet-drafts/draft-rafiee-intarea-cga-tsig-10.txt
Status: https://datatracker.ietf.org/doc/draft-rafiee-intarea-cga-tsig/
Htmlized: http://tools.ietf.org/html/draft-rafiee-intarea-cga-tsig-10
Diff: http://www.ietf.org/rfcdiff?url2=draft-rafiee-intarea-cga-tsig-10

Abstract:
This document describes a new mechanism for secure DNS authentication and DNS data confidentiality in case it is necessary (DNS privacy). The purpose of this document is to reduce human interaction during different DNS scenarios such as the communications of resolvers to stub resolvers, recursive resolvers to Authoritative Name Server, Dynamic DNS updates (especially updating PTR and FQDN records). The aim of this document is to assist DNSSEC to protect the last miles of Internet easier. This document supports both IPv4 and IPv6 enabled networks.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat