On Tue, 6 May 2025, Philip Homburg wrote:
Adding an insecure delegation is a good way to tell validators that there is
going to be an insecure zone. It is a practical mechanism that is proven to
work.
I have no clue how to design a protocol where a mobile device can attach
to an unknown network and get (negative) trust anchors without potentially
compromising the entire security of DNSSEC.
If you have an idea what such a protocol could look like, maybe you can share
it.
For devices that move from one network to another, probably some variety
of TOFU, the first time you start up a device you do it on your home
network and it fetches the anchors. After that they don't change, or
maybe the old key signs the new one like for root key rolls.
For devices that stay put, the same thing could work, or they could just
believe their local cache.
I realize this is not bulletproof, but it seems less bad than, well,
there's a negative anchor at the root so anything goes.
R's,
John
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
