[09:54:03] Kev: So explicit whitelisting isn't quite what we have now, it's true.
[09:55:58] dwd: I'm wondering if just a DNS record might help. Not mad keen on filling DNS with rubbish, mind.
[09:56:27] Kev: dnssec-signed, presumably.
[09:57:28] dwd: The case where an attacker removes the DNS record leaves us in the same situation as we're in now, though, so while DNSSEC feels desirable, I think an unsigned record would still be useful.
[09:58:09] Kev: Yes.
[09:58:18] Kev: I don't see a problem with getting this deployed by the new year :)
[09:58:53] dwd: Hmmm... Actually we could use unsigned DANE records for this.
So, following on from what I posted on operators@, if DANE records were published, then servers might choose to honour some DANE records (I'm thinking types 0/1, perhaps) as indicating there should be no fallback - even if the DANE records are not signed.

The security impact is:

- If an attacker removes the record by fiddling with the DNS, then they can mount an MITM attack. Note that they can also fiddle the DNS into redirecting the connection too. It's not clear if this makes things any harder than before.
- If an attacker adds in a TLSA record, this could act as a denial of service.

On reflection, I'm not sure if this is actually an overall benefit, but I thought I'd throw the idea out.

Dave.
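The policy sketched above, written out as an added example (not code from the chat or the post): the presence of a TLSA record with an honoured usage type switches off fallback even when the RRset is unsigned, and the outcome function shows the three cases the post discusses (status quo, authenticated TLS, and the refused connection an injected record would cause). The record values, `fallback_allowed` and `connection_outcome` are constructed here; a real deployment would obtain the records from a resolver.

```python
from dataclasses import dataclass
from typing import Iterable

# TLSA certificate-usage values as defined in RFC 6698.
PKIX_TA, PKIX_EE, DANE_TA, DANE_EE = 0, 1, 2, 3


@dataclass(frozen=True)
class TLSARecord:
    """One TLSA RR; data_hex is the association data (hash or full cert)."""
    usage: int
    selector: int
    matching_type: int
    data_hex: str


def fallback_allowed(records: Iterable[TLSARecord],
                     honoured_usages=(PKIX_TA, PKIX_EE)) -> bool:
    """True if the server may fall back to an unauthenticated s2s link.

    Any published TLSA record with an honoured usage (types 0/1 in the
    proposal) disables fallback. DNSSEC validation status is deliberately
    not consulted: the proposal treats unsigned records as sufficient.
    """
    return not any(r.usage in honoured_usages for r in records)


def connection_outcome(records: Iterable[TLSARecord],
                       tls_ok: bool, cert_matches: bool) -> str:
    """Classify an s2s attempt under the no-fallback policy.

    tls_ok: the TLS handshake completed.
    cert_matches: the peer's certificate satisfied a TLSA record (or
    ordinary verification when no record is published).
    """
    if tls_ok and cert_matches:
        return "tls-authenticated"
    if fallback_allowed(records):
        return "fallback"   # status quo: attacker stripping the RR lands here
    return "refused"        # RR present but unmatched: the DoS case from the post


# Constructed sample records (not real deployments).
NO_RECORDS: list[TLSARecord] = []
PKIX_EE_RECORD = [TLSARecord(PKIX_EE, 1, 1, "00" * 32)]
DANE_EE_ONLY = [TLSARecord(DANE_EE, 1, 1, "ff" * 32)]

if __name__ == "__main__":
    print(connection_outcome(NO_RECORDS, tls_ok=False, cert_matches=False))
    print(connection_outcome(PKIX_EE_RECORD, tls_ok=False, cert_matches=False))
    print(connection_outcome(PKIX_EE_RECORD, tls_ok=True, cert_matches=True))
```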
