On Tue, 19 Aug 2014, Hosnieh Rafiee wrote:
Still the nodes are in processing the hello client exchange and the encryption was not happened. As you explained in your draft, opportunistic security is in use. In other words, the server might not have certificate that is signed by a CA. In this case how the client or server react when an attacker intercept this communication and change "dns" to something else?
encryption might happen without authentication.
Now the question is that if an attacker has an opportunity to change this ALPN, what will happen?
encryption without authentication is not enough to defend against active attacks. If possible, use authenticated encryption. Note that DNSSEC provides authenticity of DNS data. So the only part of authentication that you gain is about privacy (encryption) of data, not about data integrity.
I think there is something important missing in your draft. For resolver's scenario IMHO, there is two important cases that the first one has a prioriry over the second one (this is of course my opinion and might not be the same as others) 1- authentication 2- encryption
If I'm at starbucks, I care more about encrypting the last mile then authenticating the random starbucks location. And even if I authenticated the starbucks, they will just use an ISP DNS server that sees all the queries, so that local authentication does not really help you much anyway.
I think authentication for a resolver is essential and more important than encryption.
DNSSEC allows us to ask DNS data from random attackers, as we will be able to verify the authenticity of data. I do not need to authenticate the resolver for that. So this is all about encryption. We might want to authenticate with the network to encrypt with the good guy and not the bad guy. But if you're in a random untrusted network, you are going with an unknown guy anyway, so authentication matters much less. Of course, if you can just level the network and setup a secure authenticated and encrypted DNS layer up to a trusted party, like your own DNS server via VPN, google dns or opendns via this draft's method plus an out-of-band public key for authentication, all the better. But these are two very distinct cases.
But IMHO, in scenarios where authentication has priority than encryption, opportunistic security is similar to not having any security. In other words, exposal of domain names are not as important as verification of the resolver.
This draft says nothing about authenticity of DNS data. For that, there is DNSSEC. Paul _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
