On Jun 10, 2021, at 3:17 PM, Paul Wouters <[email protected]> wrote: > > On Thu, 10 Jun 2021, Paul Hoffman wrote: > >>> I understand the desire but I don’t agree as this signal is insecure, and >>> foresee TLDs abusing this as potential nation state monitor / privacy leak. >> >> Please say more. I don't see how this proposal leaks anything that could not >> be trivially determined by probing. > > A nationstate could add unsigned NS glue to their zone for domains they > are interested in and trigger people('s resolvers) to go to "their" > secure transport IP and do logging.
This is a problem with unsigned NS, not unsigned labels in the name. > If you use DS, they would at least have to sign for it _and_ you can > verify the DS via CDS so now such a parent would have to do a lot more > and leave cryptogrpahic evidence of their efforts. Is your proposal "DS in parent and matching DNSKEY in the child"? >>> I still prefer something with DS than can be signed, and validated by the >>> child as their intend via CDS. With transparency monitoring. >>> >>> If we are using overloading, might as well overload securely. >> >> If you write up a draft, I'm happy to send responses to particular >> statements in the draft. I don't see how such a DS could be specified in a >> way that would get more than a trivial amount of deployment. I would be >> happy to be wrong, given that DS is signed in the parent. > > We had several proposals written up. I don't think at this point we need > more or updated draft text. What you gave in your eariler is not sufficient for useful analysis, thus not for comparison. See my question above, for example. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
