The IESG has received a request from the DNS PRIVate Exchange WG (dprive) to consider the following document: - 'Specification for DNS over TLS' <draft-ietf-dprive-dns-over-tls-06.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-03-15. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes the use of TLS to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in [RFC7258]. In addition, this document specifies two usage profiles for DNS-over-TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS. This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE working group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic. Note: this document was formerly named draft-ietf-dprive-start-tls-for-dns. Its name has been changed to better describe the mechanism now used. Please refer to working group archives under the former name for history and previous discussion. [RFC Editor: please remove this paragraph prior to publication] The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/ballot/ No IPR declarations have been submitted directly on this I-D.
