[DNSOP] dnsop - Requested sessions have been scheduled for IETF 111

2021-07-02 Thread "IETF Secretariat"
Dear Tim Wicinski,

The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request. 


dnsop Session 1 (2:00 requested)
Monday, 26 July 2021, Session III 1600-1800
Room Name: Room 4 size: 504
-
dnsop Session 2 (1:00 requested)
Thursday, 29 July 2021, Session IV 1630-1730
Room Name: Room 5 size: 505
-


iCalendar: https://datatracker.ietf.org/meeting/111/sessions/dnsop.ics

Request Information:


-
Working Group Name: Domain Name System Operations
Area Name: Operations and Management Area
Session Requester: Tim Wicinski


Number of Sessions: 2
Length of Session(s):  2 Hours, 1 Hour
Number of Attendees: 160
Conflicts to Avoid:

People who must be present:
  Benno Overeinder
  Suzanne Woolf
  Tim Wicinski
  Warren "Ace" Kumari

Resources Requested:

Special Requests:
  Longer session first if possible
-


___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


[DNSOP] I-D Action: draft-ietf-dnsop-rfc7816bis-10.txt

2021-07-02 Thread internet-drafts


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.

Title   : DNS Query Name Minimisation to Improve Privacy
Authors : Stephane Bortzmeyer
  Ralph Dolmans
  Paul Hoffman
Filename: draft-ietf-dnsop-rfc7816bis-10.txt
Pages   : 14
Date: 2021-07-02

Abstract:
   This document describes a technique called "QNAME minimisation" to
   improve DNS privacy, where the DNS resolver no longer always sends
   the full original QNAME and original QTYPE to the upstream name
   server.  This document obsoletes RFC 7816.

   This document is part of the IETF DNSOP (DNS Operations) Working
   Group.  The source of the document, as well as a list of open issues,
   is at 


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7816bis/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-rfc7816bis-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-rfc7816bis-10


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/




Re: [DNSOP] Fwd: New Version Notification - draft-ietf-dnsop-svcb-https-06.txt

2021-07-02 Thread Dick Franks
Feedback on SVCB draft 06 as requested.

On Mon, 28 Jun 2021 at 02:39, Tim Wicinski  wrote:
>8
>
> The chairs would like the WG to review these changes, and give us some 
> feedback.


6.1.  "alpn" and "no-default-alpn"

   The presentation "value" SHALL be a comma-separated list
   (Appendix A.1) of one or more "alpn-id"s.  Zone file implementations
   MAY disallow the "," and "\" characters instead of implementing the
   "value-list" escaping procedure, relying on the opaque key format
   (e.g. "key1=\002h2") in the event that these characters are needed.

If implementations MAY ignore the escape mechanism Appendix A.1 completely,
there is little incentive to do otherwise.

However, implementations that do not exercise that option expose themselves
to a litany of potential security weaknesses:

These range from argument strings which produce corrupt content:

   example.com.   SVCB   1 example.com. ipv6hint="2001:db8:5c:5c5c::1"

not ok 29 - SVCB ipv6hint shrinkage
#   Failed test 'SVCB ipv6hint shrinkage'
#   at test.pl line 149.
#  got: 'example.com. IN SVCB ( \# 33 0001 076578616d706c6503636f6d00 ; example.com.
# 0006 000e 20010db8005c0001 )'
# expected: 'example.com. IN SVCB ( \# 35 0001 076578616d706c6503636f6d00 ; example.com.
# 0006 0010 20010db8005c5c5c0001 )'

to crafted RRs which silently subvert the parsing process in undesirable ways:

   example.com.   SVCB   1 example.com. ipv4hint="92.48.55.48,92.48.56.53,92.48.54.54,92.48.56.50"

not ok 30 - SVCB ipv4hint subversion
#   Failed test 'SVCB ipv4hint subversion'
#   at test.pl line 149.
#  got: 'example.com. IN SVCB ( \# 23 0001 076578616d706c6503636f6d00 ; example.com.
# 0004 0004 46554252 )'
# expected: 'example.com. IN SVCB ( \# 35 0001 076578616d706c6503636f6d00 ; example.com.
# 0004 0010 5c3037305c3038355c3036365c303832 )'


D.3.  Failure cases

The following additional test vectors are listed below the
corresponding requirement.

 [9, para 1]
 In presentation format, the value is a [SINGLE] ECHConfigList encoded
in Base64.

  example.com.  SVCB  1 foo.example.com. ech  ; missing argument
  example.com.  SVCB  1 foo.example.com. ech=b25l,dHdv  ; multiple arguments

 [6.2, para 2]
 The presentation "value" of the SvcParamValue is a [SINGLE] decimal
integer between 0 and 65535 in ASCII.

 Note: Character set cannot be specified here; it is whatever the
platform or zone file uses (EBCDIC for example).

  example.com.  SVCB  1 foo.example.com. port=1234,4678 ; multiple arguments

 [6.1, para 6]
 When "no-default-alpn" is specified in an RR, "alpn" must also be
specified in order for the RR to be "self-consistent" (Section 2.4.3).

  example.com.  SVCB  1 foo.example.com. (
  no-default-alpn   ; without expected alpn
  )

D.2.  Service form

The test vector for unsorted SvcParams would be better expressed using
numerical keys and disentangled from extraneous clutter.

  example.com.  SVCB  1 foo.example.org. (  ; unsorted SvcParam keys
  key23609 key23600 mandatory=key23609,key23600
  )

--rwf



>
> -- Forwarded message -
> From: 
> Date: Wed, Jun 16, 2021 at 10:29 AM
> Subject: New Version Notification - draft-ietf-dnsop-svcb-https-06.txt
> To: Tim Wicinski 
>
>
>
> A new version (-06) has been submitted for draft-ietf-dnsop-svcb-https:
> https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-06.txt
> https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-06.html
>
>
> The IETF datatracker page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/
>
> Diff from previous version:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-svcb-https-06
>
> IETF Secretariat.
>
>
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
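
The escaping concern in the review above, as an added example (not part of the original message and not the code of the implementation that produced the test output): a two-pass decoder for the Appendix A.1 value-list format, plus a single-valued `port` parser that rejects the `port=1234,4678` failure case. The `decode_again` switch is an assumption about the cause of the two failed tests: it applies escape decoding a second time to the packed address octets, which yields the same "got" octets the tests report. All function names are hypothetical.

```python
import ipaddress
import re

def decode_char_string(raw: bytes) -> bytes:
    """Pass 1: zone-file character-string unescaping."""
    def unescape(m):
        esc = m.group(1)
        if not esc:
            raise ValueError("dangling backslash")
        if len(esc) == 1:
            return esc                       # \X   -> X
        if int(esc) > 255:
            raise ValueError("decimal escape out of range")
        return bytes([int(esc)])             # \DDD -> one octet
    return re.sub(rb"\\(\d{3}|.|\Z)", unescape, raw, flags=re.S)

_ITEM = rb"(?:[^,\\]|\\[,\\])+"              # octets, or the escapes "\," and "\\"

def split_value_list(decoded: bytes) -> list:
    """Pass 2: split on unescaped commas, then drop the value-list escapes."""
    if not re.fullmatch(_ITEM + rb"(?:," + _ITEM + rb")*", decoded):
        raise ValueError("malformed value-list")
    return [re.sub(rb"\\(.)", rb"\1", item, flags=re.S)
            for item in re.findall(_ITEM, decoded)]

def pack_hints(presentation: bytes, decode_again: bool = False) -> bytes:
    """Pack an ipv4hint/ipv6hint value to wire octets.

    decode_again=True models the assumed layering bug: escape decoding
    applied to the packed octets instead of only to presentation text.
    """
    items = split_value_list(decode_char_string(presentation))
    wire = b"".join(ipaddress.ip_address(item.decode("ascii")).packed for item in items)
    return decode_char_string(wire) if decode_again else wire

def parse_port(presentation: bytes) -> int:
    """Single-valued key: a comma is not a separator, so "1234,4678" is rejected."""
    text = decode_char_string(presentation)
    if not text.isdigit() or int(text) > 65535:
        raise ValueError("port must be one decimal integer 0-65535")
    return int(text)

if __name__ == "__main__":
    # Values taken from the two failed tests quoted in the message above.
    v4 = b"92.48.55.48,92.48.56.53,92.48.54.54,92.48.56.50"
    print(pack_hints(v4).hex(), pack_hints(v4, decode_again=True).hex())
    v6 = b"2001:db8:5c:5c5c::1"
    print(len(pack_hints(v6)), len(pack_hints(v6, decode_again=True)))
```

Escape decoding belongs to the presentation layer only: once a hint has been packed, an octet 0x5c in the address is data, not a backslash.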
