Document history (draft-zhou-tls-tls14)
2026-04-05 | rev 04 | (System) | Document has expired
2025-10-02 | rev 04 | 周伯才 | New version available: draft-zhou-tls-tls14-04.txt
2025-10-02 | rev 04 | 周伯才 | New version accepted (logged-in submitter: 周伯才)
2025-10-02 | rev 04 | 周伯才 | Uploaded new revision
2025-10-02 | rev 03 | 周伯才 | Changed document external resources from:
Archive: Internet Engineering Task Force (IETF)
What is DNS over TLS?
DNS over TLS (DoT) is a protocol for the encrypted transmission of DNS (Domain Name System) queries. Name resolution on the Internet is typically carried unencrypted over UDP. With DoT, the mapping from domain names to their IP addresses is instead exchanged inside a connection encrypted with the Transport Layer Security (TLS) protocol. This protects the exchange against eavesdropping, tampering and man-in-the-middle attacks.
DNS over TLS: Definition
DoT is the standard (RFC 7858) proposed by the Internet Engineering Task Force (IETF) for securing DNS connections. In contrast to conventional DNS requests, DoT establishes a TCP (Transmission Control Protocol) connection between the client and the DNS server that is authenticated and encrypted using TLS.
End of TLS 1.0 and TLS 1.1
(2 April 2019)
Versions 1.0 and 1.1 of the TLS protocol have been regarded as insecure and obsolete for quite some time. With TLS ("Transport Layer Security") the Internet Engineering Task Force (IETF) adopted a standard for encrypted retrieval of web pages via HTTPS. The term "SSL" ("Secure Sockets Layer") is generally more familiar; it refers to a now likewise obsolete predecessor, as the newer TLS protocol has been in use since 1999.
Internet Engineering Task Force Considers Making Surveillance Mitigation A Standard Part Of Its Specifications
As that shows, this is a high-level technical specification; it's not about how to mitigate pervasive monitoring, but about the fact that Internet engineers should always think about how to mitigate such surveillance when they are drawing up IETF specifications. It's great that the IETF is starting to work along these lines, even if it is a rather melancholy acknowledgement that we now live in a world where the default assumption has to be that someone, somewhere, is trying to monitor on a massive scale what people are doing.
IETF Draft Wants To Formalize 'Man-In-The-Middle' Decryption Of Data As It Passes Through 'Trusted Proxies'
One of the (many) shocking revelations from the Snowden leaks is that the NSA and GCHQ use "man-in-the-middle" (MITM) attacks to impersonate Internet services like Google, to spy on encrypted communications. So you might think that nobody would want to touch this tainted technology with a barge-pole. But as Lauren Weinstein points out in an interesting post, the authors of an IETF (Internet Engineering Task Force) Internet Draft, "Explicit Trusted Proxy in HTTP/2.0," are proposing not just to use MITMs, but also to formalize their use.
IETF gets political and decides that mass surveillance is to be treated as an attack
This week the Internet Engineering Task Force meets for the 88th time, this time in Vancouver, Canada. The IETF is a loose organisation of administrators, security experts and interested individuals who want to look after the protocols and technical standards on which the Internet is based.