On 10/29/2019 5:01 PM, Eric Rescorla wrote:
> Ben,
>
> Is what you're saying here that .com provides the NS record for
> example.com and that may not itself be example.com, but instead
> ns.server.invalid, and therefore if you can't trust .com then it
> doesn't matter if ns.server.invalid has a WebPKI cert?
We want to assure integrity and confidentiality of the exchanges, which clearly requires authenticating the server. So if for .com the server "a.gtld-servers.net" provides for "privateoctopus.com" the NS record "ns-125.awsdns-15.com", I want to authenticate "ns-125.awsdns-15.com". That's exactly how it is supposed to work.

The related question is whether "ns-125.awsdns-15.com" is in fact authorized to provide answers for "privateoctopus.com". ADOT provides some assurance of that, but if you want proofs the answer is DNSSEC.

But then, there is a special concern for the scenario in which the authoritative server has been corrupted and sends back a bogus A record for "www.example.com", pointing to an attacker-controlled copy of the original server, and then using the DNS-based verification process to obtain a bogus PKI certificate for the copy. In practice, issuance of domain-based PKI certificates relies on the integrity of the DNS. ADOT plays a role in that integrity. It would be better if the integrity of ADOT did not depend on PKI, because that would introduce a circular dependency. Using DANE instead of PKI there seems prudent.

--
Christian Huitema
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
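As an added example, not part of the thread, here is the DANE matching step Christian's last paragraph points at: checking an ADOT server's certificate (using the name ns-125.awsdns-15.com from the message) against a TLSA record, with DANE-EE (usage 3) needing no WebPKI chain. The certificate and SubjectPublicKeyInfo bytes are constructed stand-ins, and the TLSA owner-name layout `_853._tcp.<nameserver>` is assumed from the DoT port.

```python
"""Match a DNS-over-TLS authoritative server's certificate against a TLSA record (RFC 6698 style)."""
import hashlib
import hmac
from dataclasses import dataclass

ADOT_PORT = 853  # assumption: ADOT reuses the DoT port


@dataclass(frozen=True)
class TLSA:
    usage: int     # 0/1 = PKIX-TA/PKIX-EE (still need a WebPKI chain), 3 = DANE-EE (no chain needed)
    selector: int  # 0 = full certificate DER, 1 = SubjectPublicKeyInfo DER
    matching: int  # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes


def tlsa_owner_name(nameserver: str, port: int = ADOT_PORT, proto: str = "tcp") -> str:
    """Owner name of the TLSA record for a TLS service, e.g. _853._tcp.ns-125.awsdns-15.com."""
    return f"_{port}._{proto}.{nameserver.rstrip('.')}."


def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation format '<usage> <selector> <matching> <hex>' (hex may contain spaces)."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA rdata needs usage, selector, matching type and data")
    usage, selector, matching = (int(f) for f in fields[:3])
    if not (0 <= usage <= 3 and 0 <= selector <= 1 and 0 <= matching <= 2):
        raise ValueError("unknown TLSA usage/selector/matching value")
    return TLSA(usage, selector, matching, bytes.fromhex("".join(fields[3:])))


def matches(record: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Apply the selector, then the matching type, and compare in constant time."""
    selected = cert_der if record.selector == 0 else spki_der
    if record.matching == 0:
        candidate = selected
    elif record.matching == 1:
        candidate = hashlib.sha256(selected).digest()
    else:
        candidate = hashlib.sha512(selected).digest()
    return hmac.compare_digest(candidate, record.data)


def dane_accepts(records: list, cert_der: bytes, spki_der: bytes, pkix_chain_valid: bool) -> bool:
    """Accept if any record matches. Usage 3 (DANE-EE) ignores the WebPKI chain, which is what
    avoids the circular dependency; usages 0/1 keep requiring PKIX validation. Usage 2 (DANE-TA)
    would need the full chain and is skipped here."""
    for r in records:
        if r.usage in (0, 1) and not pkix_chain_valid:
            continue
        if r.usage == 2:
            continue
        if matches(r, cert_der, spki_der):
            return True
    return False


# Constructed stand-ins (not real DER): enough to exercise the matching logic offline.
SAMPLE_CERT_DER = b"\x30\x82constructed-cert-der-for-ns-125.awsdns-15.com"
SAMPLE_SPKI_DER = b"\x30\x59constructed-spki-der"
SAMPLE_DANE_EE_TLSA = "3 1 1 " + hashlib.sha256(SAMPLE_SPKI_DER).hexdigest()
SAMPLE_PKIX_EE_TLSA = "1 0 1 " + hashlib.sha256(SAMPLE_CERT_DER).hexdigest()
```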
