On Mon, Oct 13, 2014 at 11:38 AM, Paul Hoffman <[email protected]> wrote:
> On Oct 13, 2014, at 8:20 AM, Paul Wouters <[email protected]> wrote:
>
>> On Mon, 13 Oct 2014, Paul Hoffman wrote:
>>
>>> Ummm, aren't we forgetting what is for many the much larger cons:
>>>
>>> * The nameserver has to do a Diffie-Hellman key agreement with every
>>> relying party, hugely increasing the CPU load.
>>> * The private key must be online all the time.
>>> * The private key must be shared by all the nameservers.
>>
>>> Remember: DNSSEC is sign-once-and-serve; DNScurve is
>>> server-does-crypto-for-every-query.
>>
>> Any dns privacy protocol that wants PFS + encrypted communication would need
>> to do that too?
>
> Yes, which is why this WG charter is focused only on the stub-to-recursive
> link. The private key for a recursive resolver that talks to the .com
> authoritative server has very different value than the private key for the
> .com zone.
I think we can maybe clarify the charter a little here. Protecting the integrity of the messages between the stub and the resolver should be a requirement for any spec. But authenticity of the authoritative zone data is a completely separate problem. For that purpose we want to be able to do offline signing. So rather than ruling authentication out of scope, I would prefer if we ruled only authentication of authoritative zone data out of scope.
