| draft-ietf-dprive-unauth-to-authoritative-03.txt | draft-ietf-dprive-unauth-to-authoritative-04.txt | |||
|---|---|---|---|---|
| Network Working Group P. Hoffman | Network Working Group P. Hoffman | |||
| Internet-Draft ICANN | Internet-Draft ICANN | |||
| Intended status: Experimental P. van Dijk | Intended status: Experimental P. van Dijk | |||
| Expires: January 13, 2022 PowerDNS | Expires: 1 April 2022 PowerDNS | |||
| July 12, 2021 | 28 September 2021 | |||
| Recursive to Authoritative DNS with Unauthenticated Encryption | Recursive to Authoritative DNS with Unauthenticated Encryption | |||
| draft-ietf-dprive-unauth-to-authoritative-03 | draft-ietf-dprive-unauth-to-authoritative-04 | |||
| Abstract | Abstract | |||
| This document describes a use case and a method for a DNS recursive | This document describes a use case and a method for a DNS recursive | |||
| resolver to use unauthenticated encryption when communicating with | resolver to use unauthenticated encryption when communicating with | |||
| authoritative servers. The motivating use case for this method is | authoritative servers. The motivating use case for this method is | |||
| that more encryption on the Internet is better, and some resolver | that more encryption on the Internet is better, and some resolver | |||
| operators believe that unauthenticated encryption is better than no | operators believe that unauthenticated encryption is better than no | |||
| encryption at all. The method described here is optional for both | encryption at all. The method described here is optional for both | |||
| the recursive resolver and the authoritative server. This method | the recursive resolver and the authoritative server. | |||
| supports unauthenticated encryption using the same mechanism for | ||||
| discovery of encryption support for the server as [FULL-AUTH]. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 13, 2022. | This Internet-Draft will expire on 1 April 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | license-info) in effect on the date of publication of this document. | |||
| publication of this document. Please review these documents | Please review these documents carefully, as they describe your rights | |||
| carefully, as they describe your rights and restrictions with respect | and restrictions with respect to this document. Code Components | |||
| to this document. Code Components extracted from this document must | extracted from this document must include Simplified BSD License text | |||
| include Simplified BSD License text as described in Section 4.e of | as described in Section 4.e of the Trust Legal Provisions and are | |||
| the Trust Legal Provisions and are provided without warranty as | provided without warranty as described in the Simplified BSD License. | |||
| described in the Simplified BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Use Case for Unauthenticated Encryption . . . . . . . . . 3 | 1.1. Use Case for Unauthenticated Encryption . . . . . . . . . 3 | |||
| 1.2. Summary of Protocol . . . . . . . . . . . . . . . . . . . 3 | 1.2. Summary of Protocol . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.3. Definitions . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.3. Definitions . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Discovery of Authoritative Server Encryption . . . . . . . . 4 | 2. Discovery of Authoritative Server Encryption . . . . . . . . 4 | |||
| 3. Processing Discovery Responses . . . . . . . . . . . . . . . 5 | 3. Processing Discovery Responses . . . . . . . . . . . . . . . 5 | |||
| 3.1. Resolver Process as Pseudocode . . . . . . . . . . . . . 6 | 3.1. Resolver Process as Pseudocode . . . . . . . . . . . . . 6 | |||
| 3.2. Resolver Session Failures . . . . . . . . . . . . . . . . 7 | 3.2. Resolver Session Failures . . . . . . . . . . . . . . . . 7 | |||
| 4. Serving with Encryption . . . . . . . . . . . . . . . . . . . 7 | 4. Serving with Encryption . . . . . . . . . . . . . . . . . . . 8 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 9 | 8.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction | 1. Introduction | |||
| A recursive resolver using traditional DNS over port 53 may wish | A recursive resolver using traditional DNS over port 53 may wish | |||
| instead to use encrypted communication with authoritative servers in | instead to use encrypted communication with authoritative servers in | |||
| order to limit snooping of its DNS traffic by passive or on-path | order to limit snooping of its DNS traffic by passive or on-path | |||
| attackers. The recursive resolver can use unauthenticated encryption | attackers. The recursive resolver can use unauthenticated encryption | |||
| (defined in [OPPORTUN]) to achieve this goal. | (defined in [OPPORTUN]) to achieve this goal. | |||
| This document describes the use case for unauthenticated encryption | This document describes the use case for unauthenticated encryption | |||
| in recursive resolvers in Section 1.1. The encryption method with | in recursive resolvers in Section 1.1. The encryption method with | |||
| authoritative servers can be DNS-over-TLS [DNSOTLS] (DoT), DNS-over- | authoritative servers can be DNS-over-TLS [DNS-OVER-TLS] (DoT), DNS- | |||
| HTTPS [DNSOHTTPS] (DoH), and/or DNS-over-QUIC [DNSOQUIC] (DoQ). | over-HTTPS [DNS-OVER-HTTPS] (DoH), and/or DNS-over-QUIC | |||
| [DNS-OVER-QUIC] (DoQ). | ||||
| The document also describes a discovery method that shows if an | The document also describes a discovery method that shows if an | |||
| authoritative server supports encryption in Section 2. | authoritative server supports encryption in Section 2. | |||
| See [FULL-AUTH] for a description of the use case and a proposed | See [FULL-AUTH] for a description of the use case and a proposed | |||
| mechanism for fully-authenticated encryption. | mechanism for fully-authenticated encryption. | |||
| NOTE: The draft uses the SVCB record as a discovery mechanism for | NOTE: The draft uses the SVCB record as a discovery mechanism for | |||
| encryption by a particular authoritative server. Any record type | encryption by a particular authoritative server. Any record type | |||
| that can show multiple types of encryption (currently DoT, DoH, and | that can show multiple types of encryption (currently DoT, DoH, and | |||
| skipping to change at page 3, line 16 ¶ | skipping to change at page 3, line 20 ¶ | |||
| 1.1. Use Case for Unauthenticated Encryption | 1.1. Use Case for Unauthenticated Encryption | |||
| The use case in this document for unauthenticated encryption is | The use case in this document for unauthenticated encryption is | |||
| recursive resolver operators who are happy to use encryption with | recursive resolver operators who are happy to use encryption with | |||
| authoritative servers if doing so doesn't significantly slow down | authoritative servers if doing so doesn't significantly slow down | |||
| getting answers, and authoritative server operators that are happy to | getting answers, and authoritative server operators that are happy to | |||
| use encryption with recursive resolvers if it doesn't cost much. In | use encryption with recursive resolvers if it doesn't cost much. In | |||
| this use case, resolvers do not want to return an error for requests | this use case, resolvers do not want to return an error for requests | |||
| that were sent over an encrypted channel if they would have been able | that were sent over an encrypted channel if they would have been able | |||
| to give a correct answer using unencrypted transport. | to give a correct answer using unencrypted transport. Ultimately, | |||
| this effort has two two goals: to protect queries from failing in | ||||
| case authenticated encryption is not available, and to enable | ||||
| recursive resolver operators to encrypt without server | ||||
| authentication. | ||||
| Resolvers and authoritative servers understand that using encryption | Resolvers and authoritative servers understand that using encryption | |||
| costs something, but are willing to absorb the costs for the benefit | costs something, but are willing to absorb the costs for the benefit | |||
| of more Internet traffic being encrypted. The extra costs (compared | of more Internet traffic being encrypted. The extra costs (compared | |||
| to using traditional DNS on port 53) include: | to using traditional DNS on port 53) include: | |||
| o Extra round trips to establish TCP for every session (but not | * Extra round trips to establish TCP for every session (but not | |||
| necessarily for every query) | necessarily for every query) | |||
| o Extra round trips for TLS establishment | * Extra round trips for TLS establishment | |||
| o Greater CPU use for TLS establishment | * Greater CPU use for TLS establishment | |||
| o Greater CPU use for encryption after TLS establishment | * Greater CPU use for encryption after TLS establishment | |||
| o Greater memory use for holding TLS state | * Greater memory use for holding TLS state | |||
| This use case is not expected to apply to all resolvers or | This use case is not expected to apply to all resolvers or | |||
| authoritative servers. For example, according to [RSO_STATEMENT], | authoritative servers. For example, according to [RSO_STATEMENT], | |||
| some root server operators do not want to be the early adopters for | some root server operators do not want to be the early adopters for | |||
| DNS with encryption. The protocol in this document explicitly allows | DNS with encryption. The protocol in this document explicitly allows | |||
| authoritative servers to signal when they are ready to begin offering | authoritative servers to signal when they are ready to begin offering | |||
| DNS with encryption. | DNS with encryption. | |||
| 1.2. Summary of Protocol | 1.2. Summary of Protocol | |||
| This summary gives an overview of how the parts of the protocol work | This summary gives an overview of how the parts of the protocol work | |||
| together. | together. | |||
| o The resolver discovers whether any authoritative server of | * The resolver discovers whether any authoritative server of | |||
| interest supports DNS with encryption by querying for the SVCB | interest supports DNS with encryption by querying for the SVCB | |||
| records [SVCB]. As described in [DNS-SVCB], SVCB records can | records [SVCB]. As described in [DNS-SVCB], SVCB records can | |||
| indicate that a server supports encrypted transport of DNS | indicate that a server supports encrypted transport of DNS | |||
| queries. | queries. | |||
| NOTE: In this document, the term "SVCB record" is used _only_ for | NOTE: In this document, the term "SVCB record" is used _only_ for | |||
| SVCB records that indicate encryption as described in [DNS-SVCB]. | SVCB records that indicate encryption as described in [DNS-SVCB]. | |||
| SVCB records that do not have these indicators in the RDATA are | SVCB records that do not have these indicators in the RDATA are | |||
| not included in the term "SVCB record" in this document. | not included in the term "SVCB record" in this document. | |||
| o The resolver uses any authoritative server with a SVCB record that | * The resolver uses any authoritative server with a SVCB record that | |||
| indicates encryption to perform unauthenticated encryption. | indicates encryption to perform unauthenticated encryption. | |||
| o The resolver does not fail to set up encryption if the | * The resolver does not fail to set up encryption if server | |||
| authentication in the TLS session fails. | authentication in the TLS session fails. | |||
| 1.3. Definitions | 1.3. Definitions | |||
| The terms "recursive resolver", "authoritative server", and "classic | The terms "recursive resolver", "authoritative server", and "classic | |||
| DNS" are defined in [DNS-TERM]. | DNS" are defined in [DNS-TERM]. | |||
| "DNS with encryption" means transport of DNS over any of DoT, DoH, or | "DNS with encryption" means transport of DNS over any of DoT, DoH, or | |||
| DoQ. A server that supports DNS with encryption supports transport | DoQ. A server that supports DNS with encryption supports transport | |||
| over one or more of DoT, DoH, or DoQ. | over one or more of DoT, DoH, or DoQ. | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [MUSTSHOULD1] [MUSTSHOULD2] when, and only when, they appear in | 14 [MUST-SHOULD-1] [MUST-SHOULD-2] when, and only when, they appear | |||
| all capitals, as shown here. | in all capitals, as shown here. | |||
| 2. Discovery of Authoritative Server Encryption | 2. Discovery of Authoritative Server Encryption | |||
| An authoritative server that supports DNS with encryption makes | An authoritative server that supports DNS with encryption makes | |||
| itself discoverable by publishing one or more DNS SVCB records that | itself discoverable by publishing one or more DNS SVCB records that | |||
| contain "alpn" parameter keys. SVCB records are defined in [SVCB], | contain "alpn" parameter keys. SVCB records are defined in [SVCB], | |||
| and the DNS extension to those records is defined in [DNS-SVCB]. | and the DNS extension to those records is defined in [DNS-SVCB]. | |||
| A recursive resolver discovers whether an authoritative server | A recursive resolver discovers whether an authoritative server | |||
| supports DNS with encryption by looking for cached SVCB records for | supports DNS with encryption by looking for cached SVCB records for | |||
| skipping to change at page 5, line 35 ¶ | skipping to change at page 5, line 42 ¶ | |||
| those authoritative servers in the cache are negative responses, the | those authoritative servers in the cache are negative responses, the | |||
| resolver MUST use classic (unencrypted) DNS instead of encryption. | resolver MUST use classic (unencrypted) DNS instead of encryption. | |||
| Similarly, if none of the DNS SVCB records for the authoritative | Similarly, if none of the DNS SVCB records for the authoritative | |||
| servers in the cache have supported "alpn" parameters, the resolver | servers in the cache have supported "alpn" parameters, the resolver | |||
| MUST use classic (unencrypted) DNS instead of encryption. | MUST use classic (unencrypted) DNS instead of encryption. | |||
| If there are any DNS SVCB records in the cache for the authoritative | If there are any DNS SVCB records in the cache for the authoritative | |||
| servers for a zone with supported "alpn" parameters, the resolver | servers for a zone with supported "alpn" parameters, the resolver | |||
| MUST try each indicated authoritative server using DNS with | MUST try each indicated authoritative server using DNS with | |||
| encryption until it successfully sets up a connection. The resolver | encryption until it successfully sets up a connection. The resolver | |||
| only attempts to use the encrypted transports that are in the | attempts to use the encrypted transports that are in the associated | |||
| associated SVCB record for the authoritative server. (( Note that | SVCB record for the authoritative server. | |||
| this completely prohibits "simple port 853 probing" even though that | ||||
| is what some operators are currently doing. Does the WG want to be | ||||
| this strict? )) | ||||
| A resolver SHOULD keep a DNS with encryption session to a particular | A resolver SHOULD keep a DNS with encryption session to a particular | |||
| server open if it expects to send additional queries to that server | server open if it expects to send additional queries to that server | |||
| in a short period of time. [DNS-OVER-TCP] says "both clients and | in a short period of time. [DNS-OVER-TCP] says "both clients and | |||
| servers SHOULD support connection reuse" for TCP connections, and | servers SHOULD support connection reuse" for TCP connections, and | |||
| that advice could apply as well for DNS with encryption, especially | that advice could apply as well for DNS with encryption, especially | |||
| as DNS with encryption has far greater overhead for re-establishing a | as DNS with encryption has far greater overhead for re-establishing a | |||
| connection. If the server closes the DNS with encryption session, | connection. If the server closes the DNS with encryption session, | |||
| the resolver can possibly re-establish a DNS with encryption session | the resolver can possibly re-establish a DNS with encryption session | |||
| using encrypted session resumption. | using encrypted session resumption. Configuration for the maximum | |||
| timeout, minimum timeout, and duration of encrypted sessions should | ||||
| take into consideration the recommendations given in [TCP-TIMEOUT], | ||||
| [EDNS-TCP], and (for DoH) [HTTP-1.1]. | ||||
| For any DNS with encryption protocols, TLS version 1.3 [TLS-13] or | For any DNS with encryption protocols, TLS version 1.3 [TLS-13] or | |||
| later MUST be used. | later MUST be used. | |||
| A resolver following this protocol does not need to authenticate TLS | A resolver following this protocol does not need to authenticate TLS | |||
| servers. Thus, when setting up a TLS connection, if the server's | servers. Thus, when setting up a TLS connection, if the server's | |||
| authentication credentials do not match those expected by the | authentication credentials do not match those expected by the | |||
| resolver, the resolver continues with the TLS connection. Privacy- | resolver, the resolver continues with the TLS connection. Privacy- | |||
| oriented resolvers (defined in [PRIVACY-REC]) following this protocol | oriented resolvers (defined in [PRIVACY-REC]) following this protocol | |||
| MUST NOT indicate that they are using encryption because this | MUST NOT indicate that they are using encryption because this | |||
| protocol is susceptible to on-path attacks. | protocol is susceptible to on-path attacks. | |||
| If the resolver gets a TLS failure (such as those listed in | ||||
| Section 3.2, the resolver instead uses classic DNS on any of the | ||||
| authoritative servers. | ||||
| 3.1. Resolver Process as Pseudocode | 3.1. Resolver Process as Pseudocode | |||
| This section is meant as an informal clarification of the protocol, | This section is meant as an informal clarification of the protocol, | |||
| and is not normative. The pseudocode here is designed to show the | and is not normative. The pseudocode here is designed to show the | |||
| intent of the protocol, so it is not optimized for things like | intent of the protocol, so it is not optimized for things like | |||
| intersection of sets and other shortcuts. | intersection of sets and other shortcuts. | |||
| In this code, "signal_rrset(this_name)" means an "SVCB" query for the | In this code, signal_rrset(this_name) means an SVCB query for the | |||
| "'_dns'" prefix of "this_name". The "Query over secure transport | '_dns' prefix of this_name. The Query over secure transport until | |||
| until successful" section ignores differences in name server | successful section ignores differences in name server selection and | |||
| selection and retry behaviour in different resolvers. | retry behaviour in different resolvers. | |||
| # Inputs | # Inputs | |||
| ns_names = List of NS Rdatas from the NS RRset for the queried name | ns_names = List of NS Rdatas from the NS RRset for the queried name | |||
| can_do_secure = List of secure transports supported by resolver | can_do_secure = List of secure transports supported by resolver | |||
| secure_names_and_transports = Empty list, filled in below | secure_names_and_transports = Empty list, filled in below | |||
| # Fill secure_names_and_transports with (name, transport) tuples | # Fill secure_names_and_transports with (name, transport) tuples | |||
| for this_name in ns_names: | for this_name in ns_names: | |||
| if signal_rrset(this_name) is in the resolver cache: | if signal_rrset(this_name) is in the resolver cache: | |||
| if signal_rrset(this_name) positively does not exist: | if signal_rrset(this_name) positively does not exist: | |||
| skipping to change at page 6, line 52 ¶ | skipping to change at page 7, line 29 ¶ | |||
| queue a query for signal_rrset(this_name) for later caching | queue a query for signal_rrset(this_name) for later caching | |||
| # Query over secure transport until successful | # Query over secure transport until successful | |||
| for (this_name, this_transport) tuple in secure_names_and_transports: | for (this_name, this_transport) tuple in secure_names_and_transports: | |||
| query using this_transport on this_name | query using this_transport on this_name | |||
| if successful: | if successful: | |||
| finished | finished | |||
| # Got here if no this_name/this_transport query was successful | # Got here if no this_name/this_transport query was successful | |||
| # or if secure_names_and_transports was empty | # or if secure_names_and_transports was empty | |||
| query using classic DNS on any/all ns_names; finished | query using classic DNS; finished | |||
| 3.2. Resolver Session Failures | 3.2. Resolver Session Failures | |||
| The following are some of the reasons that a DNS with encryption | The following are some of the reasons that a DNS with encryption | |||
| session might fail to be set up: | session might fail to be set up: | |||
| o The resolver receives a TCP RST response | * The resolver receives a TCP RST response | |||
| o The resolver does not receive replies to TCP or TLS setup (such as | * The resolver does not receive replies to TCP or TLS setup (such as | |||
| getting the TCP SYN message, the first TLS message, or completing | getting the TCP SYN message, the first TLS message, or completing | |||
| TLS handshakes) | TLS handshakes) | |||
| o The TLS handshake gets a definitive failure | * The TLS handshake gets a definitive failure | |||
| o The encrypted session fails for reasons other than for | * The encrypted session fails for reasons other than for | |||
| authentication, such as incorrect algorithm choices or TLS record | authentication, such as incorrect algorithm choices or TLS record | |||
| failures | failures | |||
| 4. Serving with Encryption | 4. Serving with Encryption | |||
| An operator of an authoritative server following this protocol SHOULD | An operator of an authoritative server following this protocol SHOULD | |||
| publish SVCB records as described in Section 2. If they cannot | publish SVCB records as described in Section 2. If they cannot | |||
| publish such records, the security properties of their authoritative | publish such records, the security properties of their authoritative | |||
| servers will not be found. If an operator wants to test serving | servers will not be found. If an operator wants to test serving | |||
| using encryption, they can publish SVCB records with short TTLs and | using encryption, they can publish SVCB records with short TTLs and | |||
| skipping to change at page 8, line 23 ¶ | skipping to change at page 9, line 5 ¶ | |||
| The method described in this document explicitly allows a resolver to | The method described in this document explicitly allows a resolver to | |||
| perform DNS communications over traditional unencrypted, | perform DNS communications over traditional unencrypted, | |||
| unauthenticated DNS on port 53, if it cannot find an authoritative | unauthenticated DNS on port 53, if it cannot find an authoritative | |||
| server that advertises that it supports encryption. The method | server that advertises that it supports encryption. The method | |||
| described in this document explicitly allows a resolver using | described in this document explicitly allows a resolver using | |||
| encryption to choose to allow unauthenticated encryption. In either | encryption to choose to allow unauthenticated encryption. In either | |||
| of these cases, the resulting communication will be susceptible to | of these cases, the resulting communication will be susceptible to | |||
| obvious and well-understood attacks from an attacker in the path of | obvious and well-understood attacks from an attacker in the path of | |||
| the communications. | the communications. | |||
| [TLS-1.3] specifically warns against anonymous connections because | ||||
| such connections only provide protection against passive | ||||
| eavesdropping while failing to protect against active on-path | ||||
| attacks. Section C.5 of [TLS-1.3] explicitly states applications | ||||
| MUST NOT use TLS with unverifiable server authentication unless there | ||||
| is explicit configuration or a specific application profile to do so. | ||||
| This document is such an application profile. | ||||
| Encrypting the traffic between resolvers and authoritative servers | ||||
| does not solve all the privacy issues for resolution. See | ||||
| [PRIVACY-REC] and [PRIVACY-CONS] for in-depth discussion of the | ||||
| associated privacy issues. | ||||
| 7. Acknowledgements | 7. Acknowledgements | |||
| Puneet Sood contributed many ideas to early drafts of this document. | Puneet Sood contributed many ideas to early drafts of this document. | |||
| The DPRIVE Working Group has contributed many ideas that keep | The DPRIVE Working Group has contributed many ideas that keep | |||
| shifting the focus and content of this document. | shifting the focus and content of this document. | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [DNS-SVCB] | [DNS-SVCB] Schwartz, B., "Service Binding Mapping for DNS Servers", | |||
| Schwartz, B., "Service Binding Mapping for DNS Servers", | Work in Progress, Internet-Draft, draft-schwartz-svcb-dns- | |||
| draft-schwartz-svcb-dns-03 (work in progress), April 2021. | 04, 26 July 2021, <https://www.ietf.org/archive/id/draft- | |||
| schwartz-svcb-dns-04.txt>. | ||||
| [DNS-TERM] | [DNS-TERM] Hoffman, P. and K. Fujiwara, "DNS Terminology", Work in | |||
| Hoffman, P. and K. Fujiwara, "DNS Terminology", draft- | Progress, Internet-Draft, draft-ietf-dnsop-rfc8499bis-03, | |||
| ietf-dnsop-rfc8499bis-02 (work in progress), June 2021. | 28 September 2021, <https://www.ietf.org/archive/id/draft- | |||
| ietf-dnsop-rfc8499bis-03.txt>. | ||||
| [FULL-AUTH] | [FULL-AUTH] | |||
| Pauly, T., Rescorla, E., Schinazi, D., and C. A. Wood, | Pauly, T., Rescorla, E., Schinazi, D., and C. A. Wood, | |||
| "Signaling Authoritative DNS Encryption", draft-rescorla- | "Signaling Authoritative DNS Encryption", Work in | |||
| dprive-adox-latest-00 (work in progress), February 2021. | Progress, Internet-Draft, draft-rescorla-dprive-adox- | |||
| latest-00, 26 February 2021, | ||||
| <https://www.ietf.org/archive/id/draft-rescorla-dprive- | ||||
| adox-latest-00.txt>. | ||||
| [MUSTSHOULD1] | [MUST-SHOULD-1] | |||
| Bradner, S., "Key words for use in RFCs to Indicate | Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [MUSTSHOULD2] | [MUST-SHOULD-2] | |||
| Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [OPPORTUN] | [OPPORTUN] Dukhovni, V., "Opportunistic Security: Some Protection | |||
| Dukhovni, V., "Opportunistic Security: Some Protection | ||||
| Most of the Time", RFC 7435, DOI 10.17487/RFC7435, | Most of the Time", RFC 7435, DOI 10.17487/RFC7435, | |||
| December 2014, <https://www.rfc-editor.org/info/rfc7435>. | December 2014, <https://www.rfc-editor.org/info/rfc7435>. | |||
| [SVCB] Schwartz, B., Bishop, M., and E. Nygren, "Service binding | [SVCB] Schwartz, B., Bishop, M., and E. Nygren, "Service binding | |||
| and parameter specification via the DNS (DNS SVCB and | and parameter specification via the DNS (DNS SVCB and | |||
| HTTPS RRs)", draft-ietf-dnsop-svcb-https-06 (work in | HTTPS RRs)", Work in Progress, Internet-Draft, draft-ietf- | |||
| progress), June 2021. | dnsop-svcb-https-07, 5 August 2021, | |||
| <https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb- | ||||
| https-07.txt>. | ||||
| [TLS-13] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [TLS-13] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [DNS-OVER-HTTPS] | ||||
| Hoffman, P. and P. McManus, "DNS Queries over HTTPS | ||||
| (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8484>. | ||||
| [DNS-OVER-QUIC] | ||||
| Huitema, C., Dickinson, S., and A. Mankin, "Specification | ||||
| of DNS over Dedicated QUIC Connections", Work in Progress, | ||||
| Internet-Draft, draft-ietf-dprive-dnsoquic-04, 3 September | ||||
| 2021, <https://www.ietf.org/archive/id/draft-ietf-dprive- | ||||
| dnsoquic-04.txt>. | ||||
| [DNS-OVER-TCP] | [DNS-OVER-TCP] | |||
| Dickinson, J., Dickinson, S., Bellis, R., Mankin, A., and | Dickinson, J., Dickinson, S., Bellis, R., Mankin, A., and | |||
| D. Wessels, "DNS Transport over TCP - Implementation | D. Wessels, "DNS Transport over TCP - Implementation | |||
| Requirements", RFC 7766, DOI 10.17487/RFC7766, March 2016, | Requirements", RFC 7766, DOI 10.17487/RFC7766, March 2016, | |||
| <https://www.rfc-editor.org/info/rfc7766>. | <https://www.rfc-editor.org/info/rfc7766>. | |||
| [DNSOHTTPS] | [DNS-OVER-TLS] | |||
| Hoffman, P. and P. McManus, "DNS Queries over HTTPS | Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., | |||
| (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8484>. | ||||
| [DNSOQUIC] | ||||
| Huitema, C., Mankin, A., and S. Dickinson, "Specification | ||||
| of DNS over Dedicated QUIC Connections", draft-ietf- | ||||
| dprive-dnsoquic-02 (work in progress), February 2021. | ||||
| [DNSOTLS] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., | ||||
| and P. Hoffman, "Specification for DNS over Transport | and P. Hoffman, "Specification for DNS over Transport | |||
| Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May | Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May | |||
| 2016, <https://www.rfc-editor.org/info/rfc7858>. | 2016, <https://www.rfc-editor.org/info/rfc7858>. | |||
| [EDNS-TCP] Wouters, P., Abley, J., Dickinson, S., and R. Bellis, "The | ||||
| edns-tcp-keepalive EDNS0 Option", RFC 7828, | ||||
| DOI 10.17487/RFC7828, April 2016, | ||||
| <https://www.rfc-editor.org/info/rfc7828>. | ||||
| [HTTP-1.1] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | ||||
| Protocol (HTTP/1.1): Message Syntax and Routing", | ||||
| RFC 7230, DOI 10.17487/RFC7230, June 2014, | ||||
| <https://www.rfc-editor.org/info/rfc7230>. | ||||
| [PRIVACY-CONS] | ||||
| Wicinski, T., Ed., "DNS Privacy Considerations", RFC 9076, | ||||
| DOI 10.17487/RFC9076, July 2021, | ||||
| <https://www.rfc-editor.org/info/rfc9076>. | ||||
| [PRIVACY-REC] | [PRIVACY-REC] | |||
| Dickinson, S., Overeinder, B., van Rijswijk-Deij, R., and | Dickinson, S., Overeinder, B., van Rijswijk-Deij, R., and | |||
| A. Mankin, "Recommendations for DNS Privacy Service | A. Mankin, "Recommendations for DNS Privacy Service | |||
| Operators", BCP 232, RFC 8932, DOI 10.17487/RFC8932, | Operators", BCP 232, RFC 8932, DOI 10.17487/RFC8932, | |||
| October 2020, <https://www.rfc-editor.org/info/rfc8932>. | October 2020, <https://www.rfc-editor.org/info/rfc8932>. | |||
| [RSO_STATEMENT] | [RSO_STATEMENT] | |||
| "Statement on DNS Encryption", 2021, <https://root- | "Statement on DNS Encryption", 2021, <https://root- | |||
| servers.org/media/news/Statement_on_DNS_Encryption.pdf>. | servers.org/media/news/Statement_on_DNS_Encryption.pdf>. | |||
| [TCP-TIMEOUT] | ||||
| Kristoff, J. and D. Wessels, "DNS Transport over TCP - | ||||
| Operational Requirements", Work in Progress, Internet- | ||||
| Draft, draft-ietf-dnsop-dns-tcp-requirements-12, 18 August | ||||
| 2021, <https://www.ietf.org/archive/id/draft-ietf-dnsop- | ||||
| dns-tcp-requirements-12.txt>. | ||||
| [TLS-1.3] Rescorla, E., "The Transport Layer Security (TLS) Protocol | ||||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8446>. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Paul Hoffman | Paul Hoffman | |||
| ICANN | ICANN | |||
| Email: paul.hoffman@icann.org | Email: paul.hoffman@icann.org | |||
| Peter van Dijk | Peter van Dijk | |||
| PowerDNS | PowerDNS | |||
| End of changes. 39 change blocks. | ||||
| 74 lines changed or deleted | 128 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||