Paul Hoffman <paul.hoff...@icann.org> wrote:
> I do not have a scenario where the client (the resolver in this case)
> needs downgrade protection for privacy.

In that case there's no need to worry about authentication at all. (But I disagree.)

More generally, I don't think the term "opportunistic" is very helpful, because there are several useful levels:

* cleartext

* unauthenticated - the client auto-discovers encryption is available, but doesn't have any way to reliably authenticate the server; an attacker can force the client to downgrade to cleartext.

* authenticated - there is an explicit signal (e.g. DANE, STS) that the server supports properly authenticated encryption; an attacker can deny service but not force a downgrade to cleartext.

* pre-configured

The end goal we should be aiming for is as much authenticated encryption as possible, but it's reasonable to allow unauthenticated encryption as an intermediate step.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
safeguard the balance of nature and the environment

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
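The downgrade argument in the four levels above, as an added illustration that is not part of the list post: a constructed model of a resolver client deciding how to send queries, with a hypothetical on-path attacker that can block the encrypted port and strip an in-band hint but cannot forge the explicit signal (DANE/STS) or a pre-configured identity. The point it shows is that the unauthenticated level falls back to cleartext under attack, while the authenticated and pre-configured levels only lose availability.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Level(Enum):
    CLEARTEXT = "cleartext"
    UNAUTHENTICATED = "unauthenticated"
    AUTHENTICATED = "authenticated"
    PRECONFIGURED = "pre-configured"


@dataclass
class Path:
    """Constructed view of what the client can observe towards the server.
    Assumption (not from the post): the attacker controls the first three
    fields but cannot forge 'signal', e.g. a DNSSEC-signed DANE record or a
    cached STS policy."""
    tls_port_open: bool    # encrypted transport reachable (attacker can block)
    inband_hint: bool      # server advertises encryption in the clear (strippable)
    cert_verifies: bool    # presented identity matches DANE/STS/pinned key
    signal: bool           # explicit, unforgeable signal that TLS is supported


def level_for(path: Path, preconfigured: bool) -> Level:
    """Strongest level the client has evidence for before connecting."""
    if preconfigured:
        return Level.PRECONFIGURED
    if path.signal:
        return Level.AUTHENTICATED
    if path.inband_hint:
        return Level.UNAUTHENTICATED
    return Level.CLEARTEXT


def transport(path: Path, preconfigured: bool = False) -> str:
    """Return 'tls', 'cleartext', or 'fail' (refuse rather than downgrade)."""
    level = level_for(path, preconfigured)
    if level is Level.CLEARTEXT:
        return "cleartext"
    if level is Level.UNAUTHENTICATED:
        # "server offers no TLS" and "attacker blocked TLS" look identical here,
        # so the client falls back: a downgrade to cleartext is always possible.
        return "tls" if path.tls_port_open else "cleartext"
    # AUTHENTICATED / PRECONFIGURED: the client knows TLS must be available and
    # which identity to expect, so it never falls back; the attacker's only
    # remaining option is denial of service.
    return "tls" if path.tls_port_open and path.cert_verifies else "fail"


def under_attack(path: Path) -> Path:
    """Constructed on-path attacker: block TLS, strip the hint, swap the cert."""
    return replace(path, tls_port_open=False, inband_hint=False, cert_verifies=False)
```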