Folks, I summarize all MY thoughts here. If you object or think I am wrong, please argue with your reasons and give an example.

1- Opportunistic encryption is not appropriate for the privacy of the stub resolver to recursive resolver scenario unless the node has a possibility to authenticate this resolver. If you think that when your domain is signed by DNSSEC, a fake resolver cannot cause any problem for you, I give you an example. You can argue with your own example. This is the scenario where there is no authentication but a record is supposed to be signed by a DNSSEC server. A domain called www.example.com is signed by DNSSEC A. Client B wants to browse "www.example.com". It asks the IP address of this from resolver C. Attacker D spoofs the IP address of resolver C and responds to this query with the IP address of his own server F. If the client supports DNSSEC, then the attacker signs www.example.com with the address of server F using his own key and sends it back to client B. Client B needs to verify resolver C. The problem here is that client B only knows resolver C and needs to ask the other queries from resolver C. These include the IP address of example.com, .com and . to verify the key sent by resolver C. Resolver C answers all queries with wrong IP addresses so that all queries end at itself or one of his own servers. So, even if client B encrypts the queries sent back and forth to the resolver, it ends in the case where the unwanted person can still eavesdrop on this communication by directly answering the node in place of the resolver. In my opinion it does not matter whether this record is signed or encrypted; the attacker can directly be in the middle of the communication and forward all the packets to his desired place. So DNSSEC in this stage or last mile does not help.

2- A passive attack in the resolver scenario seems inappropriate because an attacker can easily do an active attack (as explained in item 1) and retrieve the information it seeks. So he doesn't need to do a passive attack to retrieve domain information. Maybe passive attacks happen after sending wrong information to the victim node and it is for web applications, etc., but not at the entry point. The other reason is that the node asks the resolver only once about the IP address of a certain website or server. A passive attack usually makes sense when there is continuous communication between two nodes for a certain time. But this is not the case for the resolver scenario, where the attacker can actively introduce himself as a resolver.

3- For DNS privacy both encryption and authentication are necessary. When authentication is not possible, encryption doesn't help because of what is explained in items 1 and 2. When encryption is not possible, this is where the passive attack makes sense, because the attacker cannot claim to be a resolver (authentication will fail), so he uses his last chance to eavesdrop on the communication. But in case authentication is not available, this attacker easily introduces himself as a resolver. This gives him more chance to obtain more information and even redirect all packets to his own place, infect the user's computer or perform any further attacks.

Best,
Hosnieh

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
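The following is an added illustration of the argument in items 1 to 3; it is not code from the post or from the dns-privacy list. It models the stub-to-recursive path as a small Python simulation with three stub policies: cleartext, opportunistic encryption (encrypt to whoever answers, accept any server key; what RFC 8310 calls the Opportunistic profile) and strict encryption (require the presented key to match a pinned SPKI hash; the Strict profile). The attacker is either absent, passive (only reads the wire) or active (answers in place of resolver C, as attacker D does in item 1). The server names, the zone data and the IP addresses are constructed; the "private key" is a random secret whose hash stands in for an SPKI pin, and the TLS proof-of-possession is simply assumed, so each party can only present its own key. DNSSEC validation is not modelled; only channel authentication is.

```python
"""Toy model of the stub -> recursive resolver path with an on-path attacker.

Policies compared:
  plain          cleartext query, no encryption, no authentication
  opportunistic  encrypt to whoever answers, accept any server key
  strict         encrypt and require the server key to match a pinned SPKI hash
"""
import hashlib
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Server:
    name: str
    zone: Dict[str, str]  # constructed: qname -> IP this server answers with
    # Stand-in for a private key. The SPKI hash is derived from it, so in this
    # simulation only the holder of the secret can present that identity.
    _secret: bytes = field(default_factory=lambda: os.urandom(32), repr=False)

    @property
    def spki_hash(self) -> str:
        return hashlib.sha256(self._secret).hexdigest()

    def answer(self, qname: str) -> str:
        return self.zone[qname]


@dataclass
class Outcome:
    policy: str
    attacker_mode: str
    handshake_ok: bool
    answered_by: Optional[str]   # who the stub actually talked to
    ip: Optional[str]            # address the stub ended up with
    attacker_saw_query: bool     # could the attacker read the query name?


def stub_query(policy: str, attacker_mode: str, qname: str,
               resolver: Server, attacker: Server,
               pinned_spki: Optional[str] = None) -> Outcome:
    # An active attacker answers first, impersonating the resolver's address.
    peer = attacker if attacker_mode == "active" else resolver

    if policy == "plain":
        # Cleartext: a passive observer reads the query, an active one also answers it.
        return Outcome(policy, attacker_mode, True, peer.name,
                       peer.answer(qname), attacker_mode != "absent")

    # Encrypted policies: handshake first; the peer presents its own key.
    presented = peer.spki_hash
    if policy == "opportunistic":
        accepted = True                      # any key is fine
    elif policy == "strict":
        if pinned_spki is None:
            raise ValueError("strict policy needs a pinned SPKI hash")
        accepted = presented == pinned_spki  # fail closed on mismatch
    else:
        raise ValueError(f"unknown policy {policy!r}")

    if not accepted:
        # Strict profile: no query is sent over an unauthenticated channel.
        return Outcome(policy, attacker_mode, False, None, None, False)

    # The query travels inside the session, so only the session peer reads it.
    return Outcome(policy, attacker_mode, True, peer.name,
                   peer.answer(qname), attacker_mode == "active")


# Constructed parties, following the naming in the post.
RESOLVER_C = Server("resolver C", {"www.example.com": "192.0.2.10"})
ATTACKER_D = Server("attacker D", {"www.example.com": "203.0.113.66"})  # points at "server F"


def run_matrix() -> Dict[Tuple[str, str], Outcome]:
    """Run every policy against every attacker mode for www.example.com."""
    results = {}
    for policy in ("plain", "opportunistic", "strict"):
        for mode in ("absent", "passive", "active"):
            results[(policy, mode)] = stub_query(
                policy, mode, "www.example.com", RESOLVER_C, ATTACKER_D,
                pinned_spki=RESOLVER_C.spki_hash)
    return results


if __name__ == "__main__":
    for (policy, mode), o in run_matrix().items():
        print(f"{policy:13s} attacker={mode:8s} handshake={str(o.handshake_ok):5s} "
              f"answered_by={o.answered_by} ip={o.ip} "
              f"attacker_saw_query={o.attacker_saw_query}")
```

Reading the matrix: against a passive attacker, opportunistic encryption already hides the query name, which is the case item 3 describes where a passive attack is the attacker's only option. Against an active attacker, opportunistic encryption changes nothing (the attacker terminates the session and answers), which is item 1; only the strict policy, which fails closed when the pinned key does not match, refuses to send the query at all. The defender's lesson is the same as the post's: encryption buys privacy against an observer, authentication is what stops an impersonator.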
