Martin Hoffmann <[email protected]> wrote:
>
> Downgrade seems to be an issue with all proposals.

The tradeoffs seem to revolve around how much you leak before you work out whether you can use strict DoT, and how much added latency that costs. If you are talking to a nameserver via its canonical name, then asking for its TLSA record in the clear is not really leaking anything that isn't leaked by observing IP addresses and port numbers. And signed TLSA records prevent downgrade attacks.

The other side of this tradeoff is the whole argument around gluelessness vs. in-bailiwick nameserver names. If you give your servers non-canonical in-bailiwick names then cleartext TLSA queries will leak the zone name, which is not so great. TA hints in the nameserver name can reduce the leakage to passive surveillance but not downgrade attacks.

> One option is to create a hash over the NS record set and place it in the
> parent zone in the same way as the DS record. This could either be a new
> record type or, devious but possibly deployable right now, (ab)use the DS
> record for the purpose with a new algorithm type.

That's a neat hack and also quite disgusting :-)

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Fisher, German Bight: South 5 or 6, occasionally 7 later. Slight or moderate. Showers. Good.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
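The "hash over the NS record set in the parent" idea quoted above, sketched as an added example that is not code from this thread or from either author: it puts the child's NS RRset into the canonical wire-format order of RFC 4034, hashes it the way a DS digest is built, and lets a validator compare the NS set it actually receives against the digest the (signed) parent committed to, which is what makes a changed delegation detectable. The record type and DS algorithm number stay hypothetical, and fixing the TTL at zero before hashing is an assumption of this sketch.

```python
import hashlib

NS_TYPE = 2    # RR type code for NS
CLASS_IN = 1   # DNS class IN

def name_to_wire(name: str) -> bytes:
    """Canonical wire form of a domain name (RFC 4034 s6.2):
    uncompressed labels, ASCII letters lowercased, trailing root label."""
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def canonical_ns_rrset(owner: str, targets) -> bytes:
    """Canonical RRset wire form (RFC 4034 s6.3). TTL is fixed at 0 so the hash
    does not depend on caching (an assumption of this sketch, not of the thread)."""
    owner_wire = name_to_wire(owner)
    rrs = []
    for target in targets:
        rdata = name_to_wire(target)  # NS RDATA is a domain name, so it is lowercased too
        rr = (owner_wire + NS_TYPE.to_bytes(2, "big") + CLASS_IN.to_bytes(2, "big")
              + (0).to_bytes(4, "big") + len(rdata).to_bytes(2, "big") + rdata)
        rrs.append((rdata, rr))
    # RFC 4034 s6.3 orders RRs by canonical RDATA as left-justified octet strings;
    # Python bytes ordering gives exactly that (a shorter prefix sorts first).
    rrs.sort(key=lambda pair: pair[0])
    return b"".join(rr for _, rr in rrs)

def ns_rrset_digest(owner: str, targets) -> str:
    """SHA-256 over the canonical NS RRset: the value the parent would publish.
    SHA-256 is DS digest type 2 (RFC 4509); the DS algorithm value meaning
    'this is an NS-set hash' is hypothetical and not an allocated number."""
    return hashlib.sha256(canonical_ns_rrset(owner, targets)).hexdigest()

def delegation_matches(parent_digest: str, owner: str, child_targets) -> bool:
    """Validator-side check: does the NS RRset served by the child match what the
    parent committed to? A mismatch means the delegation was altered in transit."""
    return parent_digest.lower() == ns_rrset_digest(owner, child_targets)

if __name__ == "__main__":
    # Constructed sample delegation; these names are not real data.
    zone = "example.com."
    published = ns_rrset_digest(zone, ["ns1.example.net.", "ns2.example.net."])
    # Same set in a different order and letter case still matches.
    print(delegation_matches(published, zone, ["NS2.Example.NET", "ns1.example.net"]))  # True
    # One nameserver swapped for another: the digest no longer matches.
    print(delegation_matches(published, zone, ["ns1.example.net.", "ns9.example.org."]))  # False
```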
