Commit a226a95

For PQ, honoring TC might be required
1 parent 21857d9 commit a226a95

1 file changed

Lines changed: 3 additions & 1 deletion

draft-denis-dprive-dnscrypt.md

@@ -667,7 +667,9 @@ PQ certificates are approximately 1.3 KB. A certificate response that contains o
667667

668668
## Certificate Retrieval Amplification
669669

670-
Certificate retrieval is an unauthenticated DNS query, and PQ certificates are much larger than classical ones, so a resolver that returns one or more PQ certificates over UDP can be abused as a traffic amplifier in response to queries with a spoofed source address. Resolvers SHOULD NOT return large PQ certificate sets over UDP to small unauthenticated requests. If the complete certificate response would exceed a conservative size, the resolver SHOULD set the TC flag and rely on the client retrying over TCP {{!RFC7766}}. Operators MAY serve a small classical certificate over UDP while requiring TCP for PQ certificate sets. This affects neither the certificate format nor the lookup name; it only makes TCP the normal retrieval path once PQ certificates are advertised.
670+
Certificate retrieval is an unauthenticated DNS query, and PQ certificates are much larger than classical ones, so a resolver that returns one or more PQ certificates over UDP can be abused as a traffic amplifier in response to queries with a spoofed source address. Resolvers SHOULD NOT return large PQ certificate sets over UDP to small unauthenticated requests. If the complete certificate response would exceed a conservative size, the resolver SHOULD set the TC flag and rely on the client retrying over TCP {{!RFC7766}}. When it does so, the resolver SHOULD still include the smaller classical certificate in the truncated UDP response, so that a client that does not implement PQ can proceed without a second round trip while a PQ-capable client learns that more certificates are available over TCP. Operators MAY serve a small classical certificate over UDP while requiring TCP for PQ certificate sets. This affects neither the certificate format nor the lookup name; it only makes TCP the normal retrieval path once PQ certificates are advertised.
671+
672+
Because the resolver withholds the PQ certificate from the truncated UDP response, a PQ-capable client MUST honor the TC flag on a certificate response and retry the certificate query over TCP. A client that ignores the TC flag would only ever observe the classical certificate over UDP and would silently fail to use PQ even against a resolver that supports it.
671673

672674
## PQ Key Derivation
673675

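Review bot: the new sentence in this hunk saying the resolver SHOULD still include the classical certificate in the TC=1 UDP response "so that a client that does not implement PQ can proceed without a second round trip" depends on clients consuming the payload of a truncated response, which RFC 2181 section 9 tells clients to ignore and re-query over TCP, and which many stub resolvers and DNS libraries discard outright; a non-PQ client that follows that guidance retries over TCP anyway, so the claimed round-trip saving only materialises for clients that deviate from it. Suggest either stating explicitly that a DNSCrypt client MAY use records carried in a truncated certificate response (and that this is a deliberate departure from RFC 2181 section 9), or dropping the round-trip claim and keeping only the "set TC, retry over TCP" requirement. The second added paragraph also asserts that the resolver "withholds the PQ certificate from the truncated UDP response", while the first paragraph only says the resolver SHOULD set TC and SHOULD include the classical certificate; making the withholding explicit (for example, that a truncated UDP certificate response MUST NOT carry PQ certificates) would keep the two paragraphs consistent and avoid a client acting on a partial PQ set.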