CGA-TSIG is a possible solution to the "secure-provisioning" problem. The IPv6 CGA address contains a hash of a public key used to secure the service. If the address is provisioned in a secure manner, then the client can authenticate the resolver, by verifying that the resolver's certificate matches the hash in the IPv6 address. I am not sure that this is the best solution, but it is certainly more secure than pointing the resolver to "8.8.8.8" and later observing that this is in fact rerouted to the Turkish police.
This kind of provisioning is a tradeoff. The main advantage is to not create a new provisioning channel. No need to be bothered with entering a certificate, entering the address suffices. But of course the flip side is that it only works if we update the DNS client and the resolver. If we do change the client and resolver, a number of alternatives can be used, such as:

* Use the same trick as CGA but encode the hash of the certificate as a name part, e.g. "AF4563ED0B561.example.com". This is probably easier to use than CGA, because names are less restricted than addresses.

* Use Secure DNS, or DANE, to verify the resolver certificate.

Both of these approaches have the same property of reusing an existing provisioning channel. The DANE approach is probably easier to manage, because both the "hash in the address" and "hash in the name" approaches have a hard time dealing with certificate renewal. But, yes, solving the "secure provisioning" issue would be nice.

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
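As an added illustration (not part of Huitema's message, nor code from any IETF implementation), the following Python sketch shows the two "reuse an existing channel" checks discussed above: a client recomputes the RFC 3972 CGA hash from the resolver's public key and compares it with the provisioned IPv6 address, and, for the "hash in the name" variant, compares the leftmost label with a hash of the presented certificate. The key bytes, the 2001:db8::/64 prefix, the fixed modifier, the 13-character label length and the choice of SHA-256 for the name variant are all assumptions made for the example; only Sec=0 generation is implemented.

```python
# Added example, not from Huitema's message: RFC 3972 CGA generation (Sec=0 only)
# and verification, showing how a client can check that the key a resolver presents
# matches the address it was provisioned with ("hash in the address").
import hashlib
import ipaddress

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs; a real client
# would take the key from the resolver's certificate.
RESOLVER_KEY = b"constructed DER public key of the provisioned resolver"
OTHER_KEY = b"constructed DER public key of some other server"
PREFIX = ipaddress.IPv6Network("2001:db8::/64")  # documentation prefix, assumed
MODIFIER = bytes(16)  # fixed for reproducibility; random in a real generator

def cga_params(modifier, prefix8, collision_count, pubkey):
    """CGA Parameters structure (RFC 3972 section 4), without extension fields."""
    return modifier + prefix8 + bytes([collision_count]) + pubkey

def generate_cga(pubkey, prefix=PREFIX, modifier=MODIFIER, collision_count=0):
    """Sec=0 only: higher Sec values need a search for a modifier whose Hash2
    has 16*Sec leading zero bits (RFC 3972 section 4, steps 2 and 3)."""
    prefix8 = prefix.network_address.packed[:8]
    hash1 = bytearray(hashlib.sha1(cga_params(modifier, prefix8, collision_count, pubkey)).digest()[:8])
    # bits 0-2 of the interface identifier carry Sec (0 here); bits 6-7 (u/g) are cleared
    hash1[0] &= 0x1C
    return ipaddress.IPv6Address(prefix8 + bytes(hash1))

def verify_cga(addr, pubkey, modifier, collision_count):
    """RFC 3972 section 5: recompute Hash1 from the CGA Parameters the peer sent,
    compare with the interface identifier (ignoring Sec and u/g bits), check Hash2."""
    if collision_count > 2:
        return False
    prefix8, iid = addr.packed[:8], addr.packed[8:]
    sec = iid[0] >> 5
    expected = hashlib.sha1(cga_params(modifier, prefix8, collision_count, pubkey)).digest()[:8]
    if (iid[0] & 0x1C) != (expected[0] & 0x1C) or iid[1:] != expected[1:]:
        return False  # presented key is not the one the address was derived from
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return int.from_bytes(hash2, "big") >> (112 - 16 * sec) == 0

def cert_label(cert_der, length=13):
    """Label for the 'hash in the name' variant from the message: a hex prefix of
    the certificate hash (SHA-256 and 13 hex digits are assumptions, not from the message)."""
    return hashlib.sha256(cert_der).hexdigest()[:length]

def name_matches_cert(name, cert_der):
    """Check the leftmost label of the provisioned name against the presented certificate."""
    label = name.split(".")[0].lower()
    return len(label) >= 13 and label == cert_label(cert_der, len(label))
```

Note that neither check by itself solves the renewal problem the message raises: a new key changes the CGA address, and a new certificate changes the name label.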
