On 11/19/20 2:05 PM, Peter van Dijk wrote: > 1. auth operators publish TLSA records for their NSes > 2. the registry, while generating zone files, queries for those TLSA records > 3. from the found TLSA records, the registry generates DOTPIN DSes > 4. the DOTPIN DSes are published alongside the domain owner's NSes, DSes, and > perhaps the DiS
Intriguing but isn't it unnecessarily complicated? If we assume that DiS-like is possible, I'd rather replace the DOTPIN-related parts by some simple flag that tells if the zone's policy is to avoid cleartext. I.e., in comparison with today, the parent side would additionally sign: (a) the NS set - e.g. via DiS; that's because signing certs directly has those scalability issues (b) and this "policy flag" in some way (say, yet another DS alg like DiS, but there are other ways). The reasons are that I believe we want a possibility of downgrade resistance. More details: the rest of the trust chain could be TLSA or something similar on those NSs, looked up separately by a supporting resolver, assuming these can again be DNSSEC-validated (for now let me avoid trying to define the case when they can't). Maybe this "policy flag" could be more than binary, too, e.g. allowing to indicate that the NSs may support DoT but it's OK if the supporting resolver isn't strict - and a third case might mean that resolvers shouldn't even attempt a secure transport (as optimization). Of course, it's still not as nice as I'd like it (but maybe no perfect solution exists anyway), e.g.: - the TLSA lookup would add latency (at least I expect its TTL high enough to amortize for larger NSs), and - there are edge cases like privacy being hard for zones containing those TLSA records (circular dependencies; I expect we can sacrifice privacy of those TLSAs at least), and - it again assumes abusing DS - that's avoidable in theory but it may be too difficult to make the parent-side sign and return the necessary information in other ways (soon-ish). In retrospect I see that what I wrote is very similar to Manu's "Do9" except for replacing WebPKI by TLSA, with all their pros and cons: https://datatracker.ietf.org/meeting/104/materials/slides-104-dprive-dot-for-insecure-delegations-01 --Vladimir _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy