On Mon, Apr 12, 2021 at 11:22 AM Michael Thomas <mike@xxxxxxxx> wrote:
On 4/12/21 3:36 AM, Andrew McConachie wrote:
>
>
> When looking at how one might implement DANE for HTTPS/TLS I don’t see
> any reason to handle these things sequentially. You don’t have to
> change TLS you just have to do things asynchronously. Query for TLSA
> RRs at the same time as sending the TLS ClientHello, and kill the
> connection setup when/if DANE validation fails. On the off chance that
> the DNS actually takes longer than TLS, maybe delay sending data via
> TLS until DNS responds. But I bet this almost never happens.
>
Correct. Better: you can do the TLSA request at the same time as the
A/AAAA request speculatively. Plus if you've ever had a TLSA record for
that domain, you know it's pretty likely you'll get a fresh one even if
the last one is expired, so the speculation is minimal.
Or replace the DNS resolver protocol with a privacy protected one in which a single request packet can be answered by multiple response packets. This maintains the 'stateless' nature of DNS queries but allows responses of 1-32 packets.
Then introduce a new DNS query for 'tell me how to connect to protocol X at name Y'
Then a query to the responder can return the A record, the AAAA record, the SRV record, any relevant TXT and TLSA records and the entire cert chain for one particular host chosen by the responder.
Then to fix Rich's issue we introduce a subscription feature so that high volume DNS resolvers can get push notification of changes in the CDN config.
It is really odd that you keep accusing me of being wedged on X.509v3 certificates when I have designed three other PKIs from scratch that don't use ASN.1 at all, one of which is very widely used and another that I am working on right now. X.509 is the only PKI I have worked on, the only protocol I have worked on that I was not 1.0 on. I was 1.0 on applying it to create the WebPKI.