On Fri, Dec 10, 2021 at 5:16 PM Daniel Kahn Gillmor <[email protected]> wrote:
> One of the concerns raised at IETF 112 about
> draft-dkgjsal-dprive-unilateral-probing was that unilateral probing by
> recursive resolvers might "poison the well" and discourage authoritative
> servers from deploying encrypted transport.

"4.5.3.4. Authoritative Server Authentication" is permissive towards authentication. If resolver implementers are allowed to implement some varying behaviors here, authoritative operators will be stuck dealing with the resolvers' multitude of behaviors. This will make TLS deployment (and changes) brittle and difficult.

This should ideally be replaced with "resolvers discovering TLS support solely via unilateral probing MUST NOT perform ANY authentication or validation whatsoever on the TLS certificate(s) presented by the authoritative name server".

As an example, certificate pinning by resolvers would cause TLS certificate auto-rotation to break. Validation might also break "automatic opportunistic TLS", where the server self-provisions a self-signed cert for its lifetime and throws it away on restart. When used on an anycast network, those servers would all have valid certs, but every connection might present unrelated certs. If the resolver tries to be clever, adding more servers might break everything.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
