On Apr 27, 2015, at 12:50 PM, Christian Huitema <[email protected]> wrote:

>> Which is why I propose what is in effect a STLS (Stateless TLS) in
>> which each UDP request packet (optionally) contains the full state
>> required to decrypt it at the server.
>
> Without going into the details, there are two types of solution to the anycast
> problem: either some form of pinning, so requests from a given context are
> guaranteed to arrive at the server with that context; or, somehow ensuring
> that the requests carry enough state that they can be understood by any
> server in the pool.
>
> I understand how to do pinning: a first transaction to the anycast address
> returns the unicast address of the relevant server. Not perfect, because it
> adds a roundtrip during the initial setup, but easy to understand.
>
> I am not sure about the way to carry "enough state in each request."
> Especially if we want to do PFS, which means negotiating different session
> keys over time. I assume that the client could learn a "temporary key" that
> is understood by all servers in the pool, and use that to encrypt the
> messages. But then that requires a fair bit of coordination between the
> servers in the anycast pool.
There is a third solution to the "anycast problem", which is what is done today in all systems that use anycast: assume that it happens so rarely that a rare reset is just fine.

--Paul Hoffman

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
