On Sun, Oct 6, 2024 at 12:17 PM Eric Rescorla <e...@rtfm.com> wrote:
>>> This is explicitly prohibited by rfc9460 as it would provide linkability.
>>> See rfc9460 section 12: "Clients MUST ensure that their DNS cache is
>>> partitioned for each local network, or flushed on network changes, to
>>> prevent a local adversary in one network from implanting a forged DNS
>>> record that allows them to track users or hinder their connections after
>>> they leave that network."
>>
>> Not if the ECH record is DNSSEC signed.
>
> Except that no browser client does DNSSEC validation and there is no
> realistic prospect of that changing.

If you have a TRR configured that does DNSSEC, you can send the DO bit and
still have the advantage of the upstream DNSSEC without doing the work in the
browser. This would be fine for preconfigured trusted DNS servers, but I
would not trust anything obtained via the ADD protocol, as those are network
dictated and not user trusted.

Of course even better is using RFC 7901 Chain Query and running the few
signature validations yourself. It only costs 1 RTT, just like a regular DNS
lookup. The arguments for not doing this are pretty weak (and if they are
not, I'd love to see an explanation in the Security Considerations why not
to use a security control other than, "we didn't like how it worked 20 years
ago").

Paul
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
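The two mechanisms Paul describes (a stub setting the DO bit and leaning on a trusted upstream's validation, and asking for the validation chain with an RFC 7901 CHAIN option) are shown below in wire-format terms. This is an added example, not code from the thread or from any browser or resolver; it builds an HTTPS (type 65) query with EDNS0 DO=1 and an optional CHAIN option (EDNS option code 13, closest trust point in wire format), then checks a constructed response the way a stub that trusts an upstream validator must: RCODE 0, AD set, CD clear, and RRSIG present alongside the HTTPS record. The sample response, including its HTTPS and RRSIG RDATA, is constructed placeholder data and not a real signature; nothing here validates signatures itself, which is exactly the work the upstream is being trusted to do.

```python
import struct

TYPE_OPT, TYPE_RRSIG, TYPE_HTTPS = 41, 46, 65
EDNS_OPT_CHAIN = 13      # RFC 7901 CHAIN option code
DO_FLAG = 0x8000         # DNSSEC OK, high bit of the OPT "TTL" flags half
FLAG_RD, FLAG_CD, FLAG_AD = 0x0100, 0x0010, 0x0020


def encode_name(name):
    """Encode a presentation-format name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=TYPE_HTTPS, txid=0x1234, chain_trust_point=None):
    """Query with RD=1, CD=0 (so the upstream validates), EDNS0 with DO=1.

    chain_trust_point (e.g. ".") adds an RFC 7901 CHAIN option asking the
    upstream to return the signature chain down from that trust point.
    """
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = b""
    if chain_trust_point is not None:
        tp = encode_name(chain_trust_point)
        rdata += struct.pack("!HH", EDNS_OPT_CHAIN, len(tp)) + tp
    # OPT RR: root name, type 41, "class" = UDP payload size, "TTL" = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_FLAG, len(rdata)) + rdata
    return header + question + opt


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return header flags and the RR types seen in the answer section."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    answer_types = []
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if i < an:
            answer_types.append(rtype)
    return {
        "txid": txid,
        "rcode": flags & 0x000F,
        "ad": bool(flags & FLAG_AD),
        "cd": bool(flags & FLAG_CD),
        "answer_types": answer_types,
    }


def usable_for_ech(msg):
    """Accept an HTTPS answer only if the trusted upstream asserted validation.

    AD is only meaningful over an authenticated channel to a preconfigured
    resolver (DoH/DoT to a TRR); over an untrusted path it is just a bit.
    """
    info = parse_response(msg)
    return (info["rcode"] == 0 and info["ad"] and not info["cd"]
            and TYPE_HTTPS in info["answer_types"]
            and TYPE_RRSIG in info["answer_types"])


def build_sample_response(qname, ad=True, include_rrsig=True):
    """Constructed response: QR/RD/RA (+AD), HTTPS RR with an ech SvcParam, optional RRSIG."""
    flags = 0x8180 | (FLAG_AD if ad else 0)
    an = 2 if include_rrsig else 1
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, an, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", TYPE_HTTPS, 1)
    ptr = b"\xc0\x0c"                  # compression pointer back to the question name
    # HTTPS RDATA: priority 1, target ".", SvcParamKey 5 (ech) with placeholder bytes
    https_rdata = struct.pack("!H", 1) + b"\x00" + struct.pack("!HH", 5, 4) + b"\xde\xad\xbe\xef"
    rrs = ptr + struct.pack("!HHIH", TYPE_HTTPS, 1, 300, len(https_rdata)) + https_rdata
    if include_rrsig:
        # Placeholder RRSIG RDATA (constructed, not a real signature)
        sig_rdata = b"\x00" * 18 + encode_name(qname) + b"\x00" * 64
        rrs += ptr + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, len(sig_rdata)) + sig_rdata
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_FLAG, 0)
    return header + question + rrs + opt


if __name__ == "__main__":
    q = build_query("example.com", chain_trust_point=".")
    print("query bytes:", q.hex())
    print("validated:", usable_for_ech(build_sample_response("example.com")))
    print("unvalidated:", usable_for_ech(build_sample_response("example.com", ad=False)))
```

The CD-clear check matters: a client that sets CD to see unvalidated data has told the upstream not to validate, so AD would never be set and the record must be treated as unsigned. If the client does its own validation from an RFC 7901 chain instead, the AD bit becomes irrelevant and the RRSIG/DNSKEY/DS records in the response are what get checked.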