Greetings again. I really like many of the changes in draft-ietf-dprive-phase2-requirements-02 and think that it gets closer to what we want for requirements. One of the requirements seems unnecessary, however.
> 7. The authoritative domain owner or their administrator MUST have
> the option to specify their secure transport preferences (e.g.
> what specific protocols are supported). This SHALL include a
> method to publish a list of secure transport protocols (e.g.
> DoH, DoT and other future protocols not yet developed).
If the WG goes with DoT and/or DoQ, you can discover the server's capabilities
by probing port 853 and TBD-Q, or maybe by finding TLSA records. There is only
a need to "publish" a list of secure protocols if they include DoH or DoHoQ.
Also, some folks on this list have already complained about added complexity of
discovery mechanisms.
> In addition this SHALL include whether a secure transport protocol
> MUST always be used (non-downgradable) or whether a secure
> transport protocol MAY be used on an opportunistic (not strict)
> basis in recognition that some servers for a domain might use a
> secure transport protocol and others might not.
It is impossible for a server to tell whether a resolver is authenticating, so
being able to say "you must authenticate" is kinda just posturing. The choice
of whether or not to connect should always be with the resolver. Further, if a
resolver is using a mechanism that requires strict authentication, it truly
doesn't matter what the authoritative server has said it wants.
This whole requirement could be dropped and it would not affect the security or
availability of the desired service.
--Paul Hoffman
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
