Rich Felker:
> > It would be a mistake to use TLSA records from an unsigned domain.
> > That would be no more secure than accepting a random server
> > certificate. All the pain of doing TLSA and none of the gain, just
> > security theatre.
>
> It's not security theater. It (1) ensures that you do use records for
> a signed domain even if you were unable to determine it was signed,
> due to issues like lack of AD bit in musl or stripping of AD bit by
> glibc default configuration, and (2) makes it so an attacker wanting
> to MITM needs to be able to do so on DNS channel, not just route to
> the MX. (For example this might be difficult or impossible for the
> attacker if DNS is routed over DoH, or if attacker can sit somewhere
> between client and MX but not between client and the nearest anycast
> 8.8.8.8.)
Congratulations! You just gave a new definition of security theatre:
using an unauthenticated channel to distribute trust anchors. You
can consider libc-musl as unsupported from now on.
Wietse
