> On Sep 4, 2021, at 6:57 AM, Christian Huitema <[email protected]> wrote:
> I assume that at least in an initial phase, there will be clients that do not
> have a certificate, such as for example small networks, or users running
> their own recursive resolver.
There probably always will be, yes.
> What would your preferred policy be for those resolvers? Would you let them
> use TLS without client authentication, or would you want them to fall back to
> clear text?
Speaking again with my authoritative hat on, my main concern is that they use
TCP, so that we can distinguish them from DDoS traffic. From my point of view,
the data I’m serving is all public information, so I don’t care whether it’s
encrypted or not. If it’s unencrypted, I can serve it a little faster, and I
can serve more people at lower cost. If it’s encrypted, it provides more chaff
for those who do need encryption, and normalizes encryption so that those who
need it stand out less from the crowd. So I’m neutral on that issue.
With my recursive hat on, yes, I’d definitely like to be able to use
unauthenticated TLS, in order to provide a little more privacy for my
down-stream users, particularly for the idiots who want ECS.
So, prioritizing from strongest to weakest:

Server authentication:
  DANE authenticated
  Shared token (TSIG or equivalent)
  CA cert
  Unauthenticated

Client authentication:
  DANE authenticated
  Blind signature (draft-irtf-cfrg-rsa-blind-signatures)
  Shared token (TSIG or equivalent)
  CA cert
  Unauthenticated

Transport:
  DoT
  DoH
  TCP
  UDP
I’ll reserve judgment on DoQ until it’s a little more real.
-Bill
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
