[Cryptography] Against against DNS (Re: New SSL/TLS certs to each live no longer than 47 days by 2029)
Christian Huitema
huitema at huitema.net
Sat Apr 26 13:00:57 EDT 2025
On 4/25/2025 8:38 PM, Viktor Dukhovni wrote:
> The obstacle to DNSSEC in browsers is fundamentally a last-mile problem
> with CPE devices (routers, cable boxes, ISP resolvers, ...) often enough
> making it impossible to get signed answers. The landscape has changed
> with DoH, ... creating a pathway to bypass all the impedance, but it is
> not yet pervasive to the point of making DNSSEC+DANE available to edge
> consumer devices.
There could be something similar happening with Encrypted Client Hello.
ECH relies on the client securely obtaining the HTTPS resource record of
the target server. Since ECH is used to hide the "real" target from the
local network, it makes sense to get that record without using the local
DNS servers. So I would expect the client to use DoH to acquire the
HTTPS record, and then use the default DNS service to get the address
of the fronting server. So, bifurcated DNS, with data acquired from
multiple servers.

Whether that's an argument for DNSSEC is a bit debatable. Yes, it would
be nice if the HTTPS record were properly signed, etc. But DoH (or DoT)
already protects against the "last mile" attacks, so we are left with
attacks on the name resolution by the DoH server. Also, there is a high
correlation between the "authoritative DNS" for a domain and the "CDN
server" for that domain. See for example
https://ithi.research.icann.org/graph-m9.html, which shows that the most
popular DNS servers for big domains are Cloudflare, AWS, Google and
Akamai. If you are making a DoH connection to Cloudflare and the
authoritative server for the domain is also Cloudflare, DNSSEC does not
bring a lot of value...
-- Christian Huitema
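The HTTPS-record fetch and bifurcated resolution described in the post, as an added example that is not part of the original message or of any ECH implementation: it serialises and parses an HTTPS record's RDATA (RFC 9460 wire format: SvcPriority, TargetName, then SvcParams with strictly increasing keys), pulls out the ALPN list, the ipv4hint and the opaque ECH config, and then shows which name a client would resolve over DoH (the hidden owner name's HTTPS record) versus over the default resolver (the fronting target's address). The owner and target names, the ipv4hint address, and the ECH value (a constructed placeholder blob, not a real ECHConfigList) are all made up for the example; the SvcParamKey numbers are the registry values from RFC 9460.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# SvcParamKey values from the RFC 9460 registry
SVCPARAM_ALPN, SVCPARAM_IPV4HINT, SVCPARAM_ECH = 1, 4, 5

def encode_name(name: str) -> bytes:
    """Dotted name -> uncompressed wire format ("." is the root)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(data: bytes, off: int):
    """Uncompressed wire-format name -> (dotted name, next offset)."""
    labels = []
    while data[off]:
        n = data[off]
        if n & 0xC0:
            raise ValueError("compression pointers are not allowed in TargetName")
        labels.append(data[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1

@dataclass
class HttpsRecord:
    priority: int
    target: str
    alpn: List[str] = field(default_factory=list)
    ipv4hints: List[str] = field(default_factory=list)
    ech_config: Optional[bytes] = None  # opaque ECHConfigList bytes

def build_https_rdata(priority, target, alpn=(), ipv4hints=(), ech=None) -> bytes:
    """Serialize HTTPS RDATA: SvcPriority, TargetName, SvcParams in key order."""
    params = []
    if alpn:
        params.append((SVCPARAM_ALPN, b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpn)))
    if ipv4hints:
        params.append((SVCPARAM_IPV4HINT, b"".join(bytes(int(o) for o in ip.split(".")) for ip in ipv4hints)))
    if ech is not None:
        params.append((SVCPARAM_ECH, ech))
    rdata = struct.pack("!H", priority) + encode_name(target)
    for key, value in sorted(params):
        rdata += struct.pack("!HH", key, len(value)) + value
    return rdata

def parse_https_rdata(rdata: bytes) -> HttpsRecord:
    """Parse HTTPS RDATA, enforcing strictly increasing SvcParamKeys and exact lengths."""
    (priority,) = struct.unpack("!H", rdata[:2])
    target, off = decode_name(rdata, 2)
    rec, last_key = HttpsRecord(priority, target), -1
    while off < len(rdata):
        if off + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack("!HH", rdata[off:off + 4])
        value, off = rdata[off + 4:off + 4 + length], off + 4 + length
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly increasing")
        if len(value) != length:
            raise ValueError("truncated SvcParamValue")
        last_key = key
        if key == SVCPARAM_ALPN:
            i = 0
            while i < len(value):
                rec.alpn.append(value[i + 1:i + 1 + value[i]].decode("ascii"))
                i += 1 + value[i]
        elif key == SVCPARAM_IPV4HINT:
            if length % 4:
                raise ValueError("ipv4hint must be a multiple of 4 bytes")
            rec.ipv4hints = [".".join(map(str, value[i:i + 4])) for i in range(0, length, 4)]
        elif key == SVCPARAM_ECH:
            rec.ech_config = value
        # other keys are skipped here; a real client must also honour key 0 (mandatory)
    return rec

def is_well_formed(rdata: bytes) -> bool:
    """True if the RDATA parses; malformed records are rejected, never guessed at."""
    try:
        parse_https_rdata(rdata)
        return True
    except (ValueError, IndexError, struct.error):
        return False

def plan_resolution(owner: str, rec: HttpsRecord) -> Dict[str, object]:
    """Split lookups as the post describes: the HTTPS RR of the hidden name goes
    over DoH; the fronting server's address may come from the default resolver."""
    fronting = owner if rec.target == "." else rec.target  # "." means the owner itself
    return {"via_doh": (owner, "HTTPS"),
            "via_default_dns": (fronting, "A/AAAA"),
            "ech_available": rec.ech_config is not None,
            "address_hints": list(rec.ipv4hints)}

# Constructed sample; the ECH value is a placeholder blob, not a real ECHConfigList.
ECH_PLACEHOLDER = b"\x00\x04DEMO"
SAMPLE_RDATA = build_https_rdata(1, "fronting.example.net.", alpn=("h2", "http/1.1"),
                                 ipv4hints=("192.0.2.1",), ech=ECH_PLACEHOLDER)
# Constructed malformed record: ech (5) listed before alpn (1) breaks key ordering.
BAD_ORDER_RDATA = (struct.pack("!H", 1) + encode_name("x.example.")
                   + struct.pack("!HH", SVCPARAM_ECH, 0) + struct.pack("!HH", SVCPARAM_ALPN, 0))

if __name__ == "__main__":
    rec = parse_https_rdata(SAMPLE_RDATA)
    print(rec, plan_resolution("private.example.com.", rec), sep="\n")
    print("malformed record accepted:", is_well_formed(BAD_ORDER_RDATA))
```

The split in `plan_resolution` is the point of the exercise: only the HTTPS lookup for the owner name reveals which site the client really wants, so that is the query that must travel over DoH, while the fronting target's A/AAAA lookup can go to whatever resolver the local network provides. The strict key-order and length checks matter because a client that tolerates malformed SvcParams is easier to confuse about whether an ECH config was present at all.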