On Mon, Oct 7, 2024 at 6:01 AM Paul Wouters <paul.wout...@aiven.io> wrote:
>>>> On Sun, Oct 6, 2024 at 12:17 PM Eric Rescorla <e...@rtfm.com> wrote:
>>>> This is explicitly prohibited by rfc9460 as it would provide linkability.
>>>> See rfc9460 section 12: "Clients MUST ensure that their DNS cache is
>>>> partitioned for each local network, or flushed on network changes, to
>>>> prevent a local adversary in one network from implanting a forged DNS
>>>> record that allows them to track users or hinder their connections after
>>>> they leave that network."
>>>>
>>>
>>> Not if the ECH record is DNSSEC signed.
>>>
>>
>> Except that no browser client does DNSSEC validation and there is no
>> realistic prospect of that changing.
>>
>
> If you have a TRR configured that does DNSSEC, you can send the DO bit and
> still have the advantage of the upstream DNSSEC without doing the work in
> the browser.
>

If you do encrypted DNS to a TRR, then you're not subject to attack by resolvers on the local network, regardless of whether they do DNSSEC.

> Of course even better is using RFC 7901 Chain Query and run the few
> signature validations yourself. It only costs 1 RTT, just like a regular
> DNS lookup.
>

The issue with local DNSSEC validation isn't primarily performance; it's breakage by nonconforming intermediaries. Actually, as I read RFC 7901, the situation is even worse because there are going to be valid non-RFC 7901 implementing resolvers, and so the attacker -- who, recall, controls the local network -- can just refuse the discovery process described in S 5.1.

-Ekr
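The RFC 9460 section 12 requirement quoted in this thread (partition the DNS cache per local network, or flush it on network change) is easy to illustrate in code. The following is an added example written for this page; it is not code from the thread, from any browser, or from any resolver. It assumes the operating system hands the client an opaque network identifier string (how that identifier is derived is outside the example), and every record and TTL in it is constructed sample data. It compares a naive cache keyed only by name and type against the two compliant designs, using the scenario the RFC describes: a forged HTTPS record learned on one network, followed by a move to another network.

```python
"""Per-network DNS cache handling as RFC 9460 section 12 requires.

Added example, not from the mailing-list thread. The `network` argument is
assumed to be an opaque identifier supplied by the OS for the current local
network; record contents and TTLs are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    rdata: str      # constructed sample rdata (stands in for an ECH config blob)
    expires: float  # absolute expiry, on the same clock as the `now` arguments


class SharedCache:
    """Naive cache keyed only by (name, rtype): a record implanted by a
    resolver on one network is served again on every later network."""

    def __init__(self):
        self._entries = {}

    def put(self, network, name, rtype, rdata, ttl, now):
        self._entries[(name, rtype)] = Record(rdata, now + ttl)

    def get(self, network, name, rtype, now):
        rec = self._entries.get((name, rtype))
        if rec is None or rec.expires <= now:
            return None
        return rec.rdata


class PartitionedCache(SharedCache):
    """RFC 9460 s12, first option: key every entry by the local network too,
    so a record learned on one network is never visible on another."""

    def put(self, network, name, rtype, rdata, ttl, now):
        self._entries[(network, name, rtype)] = Record(rdata, now + ttl)

    def get(self, network, name, rtype, now):
        rec = self._entries.get((network, name, rtype))
        if rec is None or rec.expires <= now:
            return None
        return rec.rdata


class FlushOnChangeCache(SharedCache):
    """RFC 9460 s12, second option: drop everything whenever the network
    identifier changes. Simpler, but also forgets legitimate entries."""

    def __init__(self):
        super().__init__()
        self._network = None

    def _track(self, network):
        if network != self._network:
            self._entries.clear()
            self._network = network

    def put(self, network, name, rtype, rdata, ttl, now):
        self._track(network)
        super().put(network, name, rtype, rdata, ttl, now)

    def get(self, network, name, rtype, now):
        self._track(network)
        return super().get(network, name, rtype, now)


def scenario(cache, now=0.0):
    """Constructed walkthrough of the RFC's threat: a resolver on 'cafe-wifi'
    hands out a forged HTTPS record with a long TTL, the client then moves to
    'home-lan', and later returns to the cafe. Returns what each lookup saw."""
    forged = "ech=FORGED-CONFIG-FROM-CAFE"  # constructed placeholder, not a real ECHConfig
    cache.put("cafe-wifi", "example.com", "HTTPS", forged, ttl=86400, now=now)
    at_cafe = cache.get("cafe-wifi", "example.com", "HTTPS", now)
    at_home = cache.get("home-lan", "example.com", "HTTPS", now + 60)
    back_at_cafe = cache.get("cafe-wifi", "example.com", "HTTPS", now + 120)
    return {"cafe": at_cafe, "home": at_home, "cafe_again": back_at_cafe}


if __name__ == "__main__":
    for cls in (SharedCache, PartitionedCache, FlushOnChangeCache):
        print(cls.__name__, scenario(cls()))
```

With the shared cache the forged record follows the client home, which is exactly the linkability the RFC text warns about. The partitioned cache confines the forged entry to the network where it was learned (it is still served there, which is unavoidable without validation, but it cannot be used to recognise the client elsewhere), and the flush-on-change cache discards it as soon as the client leaves, at the cost of also discarding every legitimate entry.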
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org