Associated discovery security differences #16

Open
martinthomson opened this issue Sep 9, 2020 · 2 comments
Labels
design help wanted

Comments

@martinthomson martinthomson commented Sep 9, 2020

Two options are presented for discovering an associated resolver:

  1. enhance the discovery process for the resolver to provide secured options in parallel
  2. ask the unsecured resolver for its opinion

The draft should discuss the consequences of this choice, particularly from the perspective of security. In the former, any exposure to attack is limited to the discovery method. However, the latter creates a new point that needs to be secured.

This doesn't mean that either is invalid: in many cases these reduce to network operators being able to decide who answers DNS queries, but there are operational differences between securing network configuration and securing DNS resolution that are relevant in some contexts. We at least need people to be aware of these differences.

@chris-box chris-box added design help wanted labels Sep 9, 2020
Contributor

@chris-box chris-box commented Sep 9, 2020

Good point. Text will need to be written.

Contributor

@chris-box chris-box commented Nov 6, 2020

This issue still needs text, but now it would refer to the difference between network-identified (1) and resolver-identified (2).
