Hi DNSOP,

This draft is essentially identical to -02 except for the new Appendix A, which discusses the impact of Unknown Key-Share Attacks:
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-dane-03#name-unknown-key-share-attacks

I would appreciate more review on that section, which attempts a fairly tricky security analysis. Otherwise, I believe this draft is ready for WGLC (except for the Acknowledgements section, which still needs to be filled in).

--Ben

________________________________
From: DNSOP <dnsop-boun...@ietf.org> on behalf of internet-dra...@ietf.org <internet-dra...@ietf.org>
Sent: Wednesday, November 29, 2023 1:10 PM
To: i-d-annou...@ietf.org <i-d-annou...@ietf.org>
Cc: dnsop@ietf.org <dnsop@ietf.org>
Subject: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-dane-03.txt

Internet-Draft draft-ietf-dnsop-svcb-dane-03.txt is now available. It is a work item of the Domain Name System Operations (DNSOP) WG of the IETF.

   Title:   Using DNSSEC Authentication of Named Entities (DANE) with DNS Service Bindings (SVCB) and QUIC
   Authors: Benjamin M. Schwartz
            Robert Evans
   Name:    draft-ietf-dnsop-svcb-dane-03.txt
   Pages:   13
   Dates:   2023-11-29

Abstract:

   Service Binding (SVCB) records introduce a new form of name indirection in DNS. They also convey information about the endpoint's supported protocols, such as whether QUIC transport is available. This document specifies how DNS-Based Authentication of Named Entities (DANE) interacts with Service Bindings to secure connections, including use of port numbers and transport protocols discovered via SVCB queries. The "_quic" transport name label is introduced to distinguish TLSA records for DTLS and QUIC.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-dane/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-dane-03.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-svcb-dane-03

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop