On Feb 15, 2021, at 2:49 PM, Eric Rescorla <[email protected]> wrote:
> The reason we have WGs is to work out such matters in detail, no? And in 
> particular, I think the WG should try to figure out the problem space before 
> designing. 

Yes, please.

> However, it seems like there's a relatively obvious strawman proposal here:
> 
> - We invent some mechanism that allows you to specify in an NS record that 
> the server takes TLS (as a hacky example, "servers have to be named 
> <some-sentinel>.example.com").
> - Servers are authenticated via the WebPKI, with the name as listed above.

That addresses just one part of the problem space, the authentication of the 
authoritative server. Another part, which people have brought up a few times, 
is discovery (which is part of the first of those proposals, but not the 
second). Yet another is how a client of the resolver would determine if a 
lookup error means "the name doesn't exist" or "the name exists but the 
resolver was not able to get an authenticated answer".

> I'm sure there are plenty of things that people won't like about this (e.g., 
> I imagine that some people would like to use DNSSEC), and the signal I just 
> invented is gross. Maybe in the process of deciding what people don't like 
> about this, we can understand the problem space better.

The biggest one: which group of Internet users would want to use a resolver 
that will refuse to give useful answers if the answers aren't authenticated? 
Without understanding those users (as compared to a few people who would want 
to set up such a resolver), we can't evaluate such a design.

--Paul Hoffman
