From: dns-privacy <[email protected]> On Behalf Of Ben Schwartz
Sent: Tuesday, February 16, 2021 12:01 PM
To: Paul Wouters <[email protected]>
Cc: Paul Hoffman <[email protected]>; [email protected]
Subject: [EXTERNAL] Re: [dns-privacy] Authentication in draft-ietf-dprive-opportunistic-adotq
[SAH] [snip]

I think the scary part is that an authenticated TLS failure (due to misconfiguration, bug, overload, or rollback) results in an outage. draft-ietf-dprive-opportunistic-adotq never results in an outage; you just fall back to cleartext and pay a small latency penalty.

[SAH] It’s more than that. TLS adds complexity, complexity adds fragility, and fragility leads to outages or compromises. NIST’s National Vulnerability Database (https://nvd.nist.gov/) lists 950 TLS vulnerabilities since 1999, and 347 in the past three years. Authoritative name servers that don’t implement TLS don’t have to worry about any of them. Add TLS, and now we do.

I do agree with what you said above about just falling back to cleartext in case TLS doesn’t “work” for some reason. A TLS failure MUST NOT have an impact on availability.

Scott
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
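The two policies the thread contrasts (required/authenticated TLS, where a TLS failure means no answer, versus opportunistic TLS, where a TLS failure falls back to cleartext at the cost of an extra round trip) as an added simulation. This is not code from the mailing-list thread, from draft-ietf-dprive-opportunistic-adotq, or from any resolver; the transports are constructed stand-ins with no network I/O, and the names Transport, Stats, resolve and run_batch are assumptions for the demo.

```python
"""Simulating strict vs. opportunistic TLS failure handling for a resolver
talking to an authoritative server.

Added illustration; not the draft's or any resolver's code. Transports are
constructed stubs so the example runs offline.
"""
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed placeholder wire messages; a real resolver would build and
# parse DNS packets here.
QUERY = b"example.com. IN A?"
ANSWER = b"example.com. IN A 192.0.2.1"


class TlsFailure(Exception):
    """Any failure of the TLS leg: handshake error, bad cert, timeout, reset."""


@dataclass
class Stats:
    """Counters for one batch of queries against a single auth server."""
    queries: int = 0
    tls_successes: int = 0
    cleartext_fallbacks: int = 0
    outages: int = 0        # queries that got no answer at all
    round_trips: int = 0    # transport attempts, a crude latency proxy


# A transport takes query bytes and returns answer bytes, or raises.
Transport = Callable[[bytes], bytes]


def tls_ok(query: bytes) -> bytes:
    """Constructed stand-in for a working DoT (port 853) exchange."""
    return ANSWER


def tls_broken(query: bytes) -> bytes:
    """Constructed stand-in for the failure modes named in the thread:
    misconfiguration, bug, overload or rollback on the TLS side."""
    raise TlsFailure("TLS handshake failed")


def cleartext_udp(query: bytes) -> bytes:
    """Constructed stand-in for a plain Do53 (port 53) exchange."""
    return ANSWER


def resolve(query: bytes, tls: Transport, cleartext: Transport,
            stats: Stats, *, strict: bool) -> Optional[bytes]:
    """Send one query.

    strict=True  : authenticated/required TLS. A TLS failure is final and
                   the query gets no answer (an outage for this name).
    strict=False : opportunistic TLS. A TLS failure falls back to cleartext;
                   the cost is one extra round trip, not an outage.
    """
    stats.queries += 1
    stats.round_trips += 1
    try:
        answer = tls(query)
        stats.tls_successes += 1
        return answer
    except TlsFailure:
        if strict:
            stats.outages += 1
            return None
        stats.cleartext_fallbacks += 1
        stats.round_trips += 1
        return cleartext(query)


def run_batch(n: int, tls: Transport, *, strict: bool) -> Stats:
    """Resolve n identical queries under one policy and return the counters."""
    stats = Stats()
    for _ in range(n):
        resolve(QUERY, tls, cleartext_udp, stats, strict=strict)
    return stats


if __name__ == "__main__":
    for label, tls in (("working TLS", tls_ok), ("broken TLS", tls_broken)):
        for strict in (True, False):
            s = run_batch(100, tls, strict=strict)
            mode = "strict" if strict else "opportunistic"
            print(f"{label:12} {mode:14} outages={s.outages:3} "
                  f"fallbacks={s.cleartext_fallbacks:3} rtts={s.round_trips}")
```

With a broken TLS leg, the strict policy answers none of the 100 queries while the opportunistic policy answers all of them at double the round trips; with a working TLS leg both policies behave identically. The simulation models availability only: it says nothing about the privacy difference between the two modes, which is the subject of the rest of the thread.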
