Hiya,

On 15/12/2018 00:37, Daniel Kahn Gillmor wrote:
> i think you're suggesting some sort of "starttls"-like mechanism --
> start a DNS connection to an authoritative server, and then the server
> lets you know "hey you might also want to try me in the future via
> private channels"
>
> is that what you're proposing?

I wasn't proposing, just asking :-) But yes, a starttls-like scheme could be one approach.

> if so, it has the unsatisfying aspect common to all starttls-like
> proposals: it can be trivially stripped.
>
> it is also unsatisfying in the DNS world because there typically isn't
> a handshake -- the first packet contains the sensitive data that you
> might want to keep private.
>
> It could certainly help over the longer term against a passive monitor
> -- the initial privacy leak could be amortized over many future
> communications between the resolver and the authoritative -- but it
> still leaves the first connection to that server unprotected even
> against passive attack, which is something that signalling in the name
> could potentially avoid.

Sure, I don't disagree with the above, and I wasn't arguing for this, more wondering for now if there're any gotcha reasons why it can't work.

That said, perhaps one of the other trade-offs here is related to the potential ease/speed of deployment - if a mechanism that's TOFU-like or that needs pinning leaks a little at first but were easier to deploy and more likely to spread (say if all that were needed was a s/w update), then that's something to take into consideration.

Cheers,
S.
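The trade-off debated above (the first contact leaks the name, later contacts amortize that leak, and an active stripper defeats a resolver that has not yet pinned the server) as a small added simulation; this is illustrative code written for this page, not from the thread's participants or from any DNS implementation. The resolver's refuse-rather-than-fall-back rule once pinned, the attacker models and the name `ns1.example` are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Resolver:
    """Recursive resolver that TOFU-pins authoritatives which signalled
    'try me over a private channel next time' (hypothetical model)."""
    pins: set = field(default_factory=set)

    def query(self, server: str, signal_seen: bool, private_ok: bool) -> str:
        """Return 'leaked', 'protected' or 'refused' for one query."""
        if server in self.pins:
            # Pinned: go private first; if that fails, refuse rather than
            # fall back to cleartext (a modelled policy choice, so a stripper
            # cannot downgrade a server we have already pinned).
            return "protected" if private_ok else "refused"
        # Unpinned: there is no handshake, so the first packet already
        # carries the queried name in the clear.
        if signal_seen:
            self.pins.add(server)
        return "leaked"


def simulate(attacker: str, n: int, server: str = "ns1.example") -> dict:
    """Tally outcomes of n queries to one authoritative under an attacker
    model: 'passive' (observes only), 'strip' (removes the signal and blocks
    the private channel from the start), 'late_strip' (starts after query 1)."""
    r = Resolver()
    tally = {"leaked": 0, "protected": 0, "refused": 0}
    for i in range(n):
        stripping = attacker == "strip" or (attacker == "late_strip" and i > 0)
        outcome = r.query(server, signal_seen=not stripping, private_ok=not stripping)
        tally[outcome] += 1
    return tally


if __name__ == "__main__":
    # passive: 1 leaked, 9 protected; strip: 10 leaked; late_strip: 1 leaked, 9 refused
    for model in ("passive", "strip", "late_strip"):
        print(model, simulate(model, 10))
```

The passive case shows the amortization DKG describes; the strip case shows why an unpinned first contact is the weak point; the late-strip case shows the availability cost of refusing to fall back once a pin exists.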
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
