On Fri, Nov 1, 2019 at 8:16 AM Brian Dickson <[email protected]> wrote:
> On Thu, Oct 31, 2019 at 7:38 PM Eric Rescorla <[email protected]> wrote:
>
>> On Thu, Oct 31, 2019 at 2:41 PM Brian Dickson <[email protected]> wrote:
>>
>>> IMNSHO, ADoT at the leaf + QNAME minimization is all that is required for privacy.
>>> I.e. no need for ADoT anywhere other than at the leaf zone's name server (whose NS name might not be in-bailiwick, FYI).
>>
>> Hmm.... I think that's only true if you are assuming that the NS record for the leaf is DNSSEC secured, but that doesn't seem like a safe assumption.
>
> Let me re-emphasize this from the original statement: "FOR PRIVACY".
>
> DNSSEC security is orthogonal to privacy, and is not a requirement FOR PRIVACY.

I don't believe that that's correct in this case. The issue here is that in order to provide confidentiality for the queries (in this case to the authoritative) you need to authenticate the resolver. And that means authentically learning the name of the resolver. So, for instance, if I go to learn the NS for .com and the attacker gives me www.attacker.com, then he can learn my queries.

The name of the resolver can be authenticated by DNSSEC or (less strongly) by having each query protected via secure transport.

-Ekr
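An added illustration of the point Eric makes, not part of the thread: a small Python model of a resolver deciding which name it will open ADoT to. An HMAC stands in for the parent's RRSIG/DNSKEY chain, `ds_present` stands in for the parent's DS record, and all names and keys are constructed. It shows that TLS only proves the peer holds a certificate for the name the resolver asked for, so the name itself has to be authenticated (here, by the signed delegation) before the transport buys any confidentiality.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed stand-in for the parent zone's DNSKEY. Real DNSSEC uses
# public-key RRSIGs; an HMAC is enough to model "signed vs. forgeable".
PARENT_ZONE_KEY = b"constructed-com-zone-key"


@dataclass(frozen=True)
class Delegation:
    zone: str                   # child zone, e.g. "example.com."
    ns_names: Tuple[str, ...]   # NS target names learned from the parent
    rrsig: Optional[bytes]      # signature over the NS RRset, None if unsigned


def _rrset_bytes(zone: str, ns_names: Tuple[str, ...]) -> bytes:
    return (zone + "|" + ",".join(sorted(ns_names))).encode()


def signed_delegation(zone: str, ns_names: Tuple[str, ...]) -> Delegation:
    sig = hmac.new(PARENT_ZONE_KEY, _rrset_bytes(zone, ns_names), hashlib.sha256).digest()
    return Delegation(zone, ns_names, sig)


def rrsig_valid(d: Delegation) -> bool:
    if d.rrsig is None:
        return False
    expected = hmac.new(PARENT_ZONE_KEY, _rrset_bytes(d.zone, d.ns_names), hashlib.sha256).digest()
    return hmac.compare_digest(d.rrsig, expected)


def on_path_rewrite(d: Delegation, other_ns: str) -> Delegation:
    # Models an on-path party swapping the NS names in transit; the signature
    # (if any) still covers the original names and cannot be regenerated.
    return Delegation(d.zone, (other_ns,), d.rrsig)


def adot_target(d: Delegation, validating: bool, ds_present: bool) -> Optional[Tuple[str, bool]]:
    """Return (name, assured) for the ADoT connection, or None if bogus.

    `assured` is True only when the NS name is authenticated by the parent's
    signature. A later TLS certificate check proves the peer owns `name`,
    not that `name` is the legitimate operator of the zone.
    """
    if validating and ds_present:
        if not rrsig_valid(d):
            return None           # signed zone, bad/missing signature: reject
        return d.ns_names[0], True
    # Insecure delegation or non-validating resolver: the name is whatever
    # arrived on the wire, so confidentiality has no anchor.
    return d.ns_names[0], False
```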
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
