Hi Christian, Thanks for sharing your opinion about current approaches and also CGA-TSIG.
> If we do change the client and resolver, a number of alternatives can > be used, such as: > > * Use the same trick as CGA but encode the hash of the certificate as a > name part, e.g. "AF4563ED0B561.example.com". This is probably easier to > use than CGA, because names are less restricted than addresses. True, This is to some extend prevents exposing information and I think this is how NSEC3 works. But do you think it is applicable for resolver scenario. I think in this case we have two scenarios 1- client sends a plain text to resolver, resolver can respond to client with hashing the whole query. IN other words the whole www.example.com can be hashed and resolver can respond to the client by sending abcabcabcabc. In this case, if people here are worry about plain text, then the plain text is already exposed in client's request. 2- client cannot hash all its query. This is because the resolver does not know then what is the content of its query so that it can ask the right authoritative server. Therefore only the first scenario can happen that it still might expose information. > * Use Secure DNS, or DANE, to verify the resolver certificate. > Both of these approaches have the same property of reusing an existing > provisioning channel. The DANE approach is probably easier to manage, > because both the "hash in the address" and "hash in the name" > approaches have a hard time dealing with certificate renewal. DANE might be ideal for some scenarios but I think for this scenario where we are talking about last miles of the internet (end users), the pre-configuration of clients with trusted anchor/s for certain domain might not allow unknown nodes to use this service or administrative overheads. Because a node might also move from one network to another. This is why I thought CGA-TSIG can be helpful in such scenarios. I again do not claim that it is the best approach but I think it reduces many required configuration. About generating new keys (dealing with certificate renewal), I also thought about an approach and how client or server can inform the other communicating party about the new keys. because in my proposal I tried to considered all possible situation such as dynamic environment where nodes need to change their IP address or their keys. However, I guess for DNS server, changing keys might be a rare case. In other word, what I understands from DANE, clients needs to be configured with the list of trusted anchors for certain domains. While CGA-TSIG need only the IP address of resolver or maximum the hash of public key and IP address (for IPv4). This IP address can be received either from Secure RA or from protected DHCP server or even set manually. Thanks, Best, Hosnieh _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy