Folks,

We removed a few editorial problems and applied the comments of some folks who sent their comments offlist.

I will just briefly explain the purpose of this document.

- The name of this document is CGA-TSIG, but that does not mean that it only supports IPv6 or that it only uses CGA. The name was taken from the first versions of this draft and continued to appear in other versions (it is a symbolic name). So at the moment this draft supports IPv6 and IPv4 enabled networks. It uses two almost similar algorithms for two different purposes: one for only DNS secure authentication and automation of this process, and the other for both DNS secure authentication and DNS privacy and data encryption.
- For DNS privacy we only use public key cryptography to encrypt a 16-byte secret key and exchange it with other nodes. After that, the symmetric algorithm is used for the encryption of the whole DNS message. It then adds a new header for the verifier node.
- In this version I also included a figure that shows the whole process for an example scenario (resolver to stub resolver DNS privacy and authentication).

We would love to receive your comments to improve this document. The purpose of this document is to address the problem that exists with the current DNS mechanisms and also to provide a solution for DNS privacy without changing the DNS protocol.

Thank you,
Best,
Hosnieh

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, July 04, 2014 8:53 PM
To: [email protected]
Subject: I-D Action: draft-rafiee-intarea-cga-tsig-09.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title    : CGA-TSIG/e: Algorithms for Secure DNS Authentication and DNS Confidentiality
Authors  : Hosnieh Rafiee
           Martin von Loewis
           Christoph Meinel
Filename : draft-rafiee-intarea-cga-tsig-09.txt
Pages    : 33
Date     : 2014-07-04

Abstract:
This document describes a new mechanism for secure DNS authentication and DNS data confidentiality. The purpose of this document is to reduce human interaction during different DNS scenarios such as the communications of resolvers to stub resolvers, recursive resolvers to Authoritative Name Server, Dynamic DNS updates, (especially updating PTR and FQDN records (RFC4703)) and zone transfers. This document supports both IPv4 and IPv6 enabled networks.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-rafiee-intarea-cga-tsig/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-rafiee-intarea-cga-tsig-09

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-rafiee-intarea-cga-tsig-09

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
