Hi all,

This draft https://tools.ietf.org/html/draft-reddy-dprive-bootstrap-dns-server-03 explains a mechanism to automatically bootstrap endpoints to discover and authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a local network.

The specification discusses:

(1) Bootstrapping phase to automatically bootstrap the endpoint devices with authentication domain name (ADN) (defined in [RFC8310]) and associating the DNS server certificate (similar to PKIX-EE(1) defined in DANE).
(2) Discovery Phase to discover the privacy-enabling protocols supported by the local DNS server.
(3) Connection handshake and DNS server certificate validation.
(4) A new privacy certificate extension is defined that identifies the privacy preserving data policy of the DNS server.

Comments and suggestions are more than welcome.

Cheers,
-Tiru

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Tue, 7 May 2019 at 20:27
Subject: New Version Notification for draft-reddy-dprive-bootstrap-dns-server-03.txt
To: Mohamed Boucadair <mohamed.boucad...@orange.com>, Tirumaleswar Reddy <kond...@gmail.com>, Dan Wing <dwing-i...@fuggles.com>, Michael C. Richardson <mcr+i...@sandelman.ca>

A new version of I-D, draft-reddy-dprive-bootstrap-dns-server-03.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name: draft-reddy-dprive-bootstrap-dns-server
Revision: 03
Title: A Bootstrapping Procedure to Discover and Authenticate DNS-over-(D)TLS and DNS-over-HTTPS Servers
Document date: 2019-05-07
Group: Individual Submission
Pages: 21
URL: https://www.ietf.org/internet-drafts/draft-reddy-dprive-bootstrap-dns-server-03.txt
Status: https://datatracker.ietf.org/doc/draft-reddy-dprive-bootstrap-dns-server/
Htmlized: https://tools.ietf.org/html/draft-reddy-dprive-bootstrap-dns-server-03
Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-dprive-bootstrap-dns-server
Diff: https://www.ietf.org/rfcdiff?url2=draft-reddy-dprive-bootstrap-dns-server-03

Abstract:
This document specifies mechanisms to automatically bootstrap endpoints (e.g., hosts, Customer Equipment) to discover and authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a local network.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop