> Which is why I propose what is in effect a STLS (Stateless TLS) in
> which each UDP request packet (optionally) contains the full state
> required to decrypt it at the server.

Without going into the details, there are two types of solution to the anycast problem: either some form of pinning, so requests from a given context are guaranteed to arrive at the server with that context; or, somehow ensuring that the requests carry enough state that they can be understood by any server in the pool.

I understand how to do pinning: a first transaction to the anycast address returns the unicast address of the relevant server. Not perfect, because it adds a roundtrip during the initial setup, but easy to understand.

I am not sure about the way to carry "enough state in each request." Especially if we want to do PFS, which means negotiating different session keys over time. I assume that the client could learn a "temporary key" that is understood by all servers in the pool, and use that to encrypt the messages. But then that requires a fair bit of coordination between the servers in the anycast pool.

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
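
The "temporary key understood by all servers in the pool" idea and its coordination cost, as an added sketch that is not from either poster. The scheme is an assumption: each request carries an epoch number and a nonce, and any instance holding that epoch's pool key re-derives the per-client key from them. Only authentication is shown (HMAC); a real design would use the derived key with an AEAD, and all names are hypothetical.

```python
from __future__ import annotations
import hashlib
import hmac
import os

def derive_session_key(pool_key: bytes, nonce: bytes) -> bytes:
    """Per-client key that any holder of the epoch's pool key can recompute."""
    return hmac.new(pool_key, b"session" + nonce, hashlib.sha256).digest()

class PoolServer:
    """One anycast instance: holds pool-wide epoch keys, no per-client state."""
    def __init__(self, epoch_keys: dict[int, bytes]):
        self.epoch_keys = dict(epoch_keys)

    def issue_ticket(self, epoch: int) -> tuple[bytes, bytes]:
        """Setup step; the reply is assumed to travel over a protected channel."""
        nonce = os.urandom(16)
        ticket = epoch.to_bytes(4, "big") + nonce
        return ticket, derive_session_key(self.epoch_keys[epoch], nonce)

    def handle(self, packet: bytes) -> bytes | None:
        """Verify a request using only the state carried in the packet."""
        if len(packet) < 20 + 32:
            return None
        ticket, query, tag = packet[:20], packet[20:-32], packet[-32:]
        pool_key = self.epoch_keys.get(int.from_bytes(ticket[:4], "big"))
        if pool_key is None:  # this instance never received that epoch key
            return None
        key = derive_session_key(pool_key, ticket[4:])
        expected = hmac.new(key, ticket + query, hashlib.sha256).digest()
        return query if hmac.compare_digest(tag, expected) else None

def build_request(ticket: bytes, session_key: bytes, query: bytes) -> bytes:
    """Client side: ticket || query || HMAC tag."""
    tag = hmac.new(session_key, ticket + query, hashlib.sha256).digest()
    return ticket + query + tag

def demo() -> dict[str, bytes | None]:
    k1, k2 = os.urandom(32), os.urandom(32)  # constructed epoch keys
    a = PoolServer({1: k1, 2: k2})           # fully synchronized instance
    b = PoolServer({1: k1})                  # has not yet received epoch 2
    t1, s1 = a.issue_ticket(1)
    t2, s2 = a.issue_ticket(2)
    req1 = build_request(t1, s1, b"example.com. A")
    req2 = build_request(t2, s2, b"example.com. A")
    bad = req2[:-1] + bytes([req2[-1] ^ 1])  # flip one bit of the tag
    return {"b_epoch1": b.handle(req1), "b_epoch2": b.handle(req2),
            "a_epoch2": a.handle(req2), "tampered": a.handle(bad)}
```

Instance `b` serves the epoch 1 request it never saw set up, but drops the epoch 2 request until the new pool key reaches it. Because every session key in an epoch derives from one pool key, rotating that key is what bounds exposure, which is where the coordination requirement comes from.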
