DoT and TLS 1.3 Early Data / 0-RTT session resumption


#1

I’m investigating DNS over TLS on 1.1.1.1 and was wondering if the service will support TLS 1.3’s Early Data / 0-RTT session resumption? I understand there are security concerns with regard to replay attacks; however, DNS queries are inherently idempotent and therefore the concerns are largely mitigated (unless there’s something I’m missing?). If so, the increased performance of 0-RTT session resumption will be highly beneficial.

$ bssl client -connect 1.1.1.1:853 -test-resumption -early-data /dev/null

Connecting to 1.1.1.1:853
Connected.
  Version: TLSv1.3
  Resumed session: no
  Cipher: TLS_AES_128_GCM_SHA256
  ECDHE curve: X25519
  Signature algorithm: ecdsa_secp256r1_sha256
  Secure renegotiation: yes
  Extended master secret: yes
  Next protocol negotiated:
  ALPN protocol:
  OCSP staple: no
  SCT list: no
  Early data: no
  Cert subject: C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = *.cloudflare-dns.com
  Cert issuer: C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA
Connecting to 1.1.1.1:853
Connected.
  Version: TLSv1.3
  Resumed session: yes
  Cipher: TLS_AES_128_GCM_SHA256
  ECDHE curve: X25519
  Signature algorithm: ecdsa_secp256r1_sha256
  Secure renegotiation: yes
  Extended master secret: yes
  Next protocol negotiated:
  ALPN protocol:
  OCSP staple: no
  SCT list: no
  Early data: no
  Cert subject: C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = *.cloudflare-dns.com
  Cert issuer: C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA
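
The replay question raised in the post above comes down to two checks, one on each side of the connection: the client should only put idempotent DNS messages into early data, and the server should refuse a 0-RTT flight it has already seen. The following is an added example written for this thread, not code from Cloudflare, BoringSSL or any DoT implementation. It assumes the DoT framing of RFC 7858 (a 2-octet length prefix, as in DNS over TCP) and the DNS header layout of RFC 1035; the sample messages are constructed here. It also goes one step beyond the post by showing that "DNS is idempotent" holds for plain QUERY, but not for UPDATE (RFC 2136) or NOTIFY, which is why a client-side policy is still needed.

```python
# Added example (not part of the forum thread): which DNS messages are safe to
# send as TLS 1.3 0-RTT early data over DoT, plus a toy server-side single-use
# filter of the kind RFC 8446 section 8 recommends for anti-replay.
import struct
import time

# DNS opcodes (RFC 1035, RFC 1996, RFC 2136)
OPCODE_QUERY = 0
OPCODE_NOTIFY = 4
OPCODE_UPDATE = 5


def parse_dot_frame(frame: bytes) -> bytes:
    """Strip the 2-octet length prefix that DoT (RFC 7858) uses, like DNS over TCP."""
    if len(frame) < 2:
        raise ValueError("frame too short for a length prefix")
    (length,) = struct.unpack("!H", frame[:2])
    if len(frame) != 2 + length:
        raise ValueError("length prefix does not match payload length")
    return frame[2:]


def is_safe_for_early_data(msg: bytes) -> bool:
    """True only for a plain QUERY request, which is idempotent: replaying it
    changes no state on the resolver.  UPDATE and NOTIFY carry side effects,
    and a response (QR=1) is never something a client should send."""
    if len(msg) < 12:
        return False
    _txid, flags, qdcount, ancount, nscount, _arcount = struct.unpack("!HHHHHH", msg[:12])
    qr = flags >> 15
    opcode = (flags >> 11) & 0xF
    if qr != 0 or opcode != OPCODE_QUERY:
        return False
    # A normal query has exactly one question and no answer/authority records
    # (ARCOUNT may be 1 for an EDNS OPT record, which is fine).
    return qdcount == 1 and ancount == 0 and nscount == 0


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed sample: a standard recursive A query for `name`."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # QR=0, opcode 0, RD=1
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def build_update_header_only(txid: int = 0x1234) -> bytes:
    """Constructed sample: header of a DNS UPDATE (opcode 5) with one zone entry.
    The body is omitted because the early-data decision needs only the header."""
    return struct.pack("!HHHHHH", txid, OPCODE_UPDATE << 11, 1, 0, 0, 0)


def frame_for_dot(msg: bytes) -> bytes:
    return struct.pack("!H", len(msg)) + msg


class EarlyDataReplayFilter:
    """Toy single-use filter.  A server remembers (ticket id, ClientHello hash)
    for `window` seconds and rejects a second 0-RTT flight carrying the same
    pair, forcing that flight back to a 1-RTT handshake.  Real implementations
    also bound the client-reported ticket age (RFC 8446 section 8.2); that is
    left out here.  `clock` is injectable so the eviction path can be tested."""

    def __init__(self, window: float = 10.0, clock=time.monotonic):
        self.window = window
        self.clock = clock
        self._seen: dict = {}  # (ticket_id, hello_hash) -> expiry time

    def accept(self, ticket_id: bytes, client_hello_hash: bytes) -> bool:
        now = self.clock()
        for key in [k for k, exp in self._seen.items() if exp <= now]:
            del self._seen[key]  # evict expired entries
        key = (ticket_id, client_hello_hash)
        if key in self._seen:
            return False  # replay within the window: reject early data
        self._seen[key] = now + self.window
        return True


if __name__ == "__main__":
    q = parse_dot_frame(frame_for_dot(build_query("example.com")))
    print("A query safe for 0-RTT:", is_safe_for_early_data(q))
    print("UPDATE safe for 0-RTT:", is_safe_for_early_data(build_update_header_only()))
    f = EarlyDataReplayFilter()
    print("first flight accepted:", f.accept(b"ticket-1", b"hello-hash-1"))
    print("replayed flight accepted:", f.accept(b"ticket-1", b"hello-hash-1"))
```

The client-side check is the part that matters for the question in this thread: a stub resolver that only ever sends standard queries can use early data without changing what a replay could achieve, whereas anything carrying UPDATE or NOTIFY must wait for the full handshake. The server-side filter is the complementary control; it costs a bounded amount of memory and turns a replay into a rejected 0-RTT flight rather than a duplicated request.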

#2

:wave: @jon6,

There do seem to be some discussions around potential security implications here: https://www.ietf.org/mail-archive/web/dns-privacy/current/msg01276.html
Cloudflare might implement it, but as a privacy-focused resolver there could be some arguments against it (even if it would improve performance).

-OG


#3

This was discussed in "Cloudflare speak TLS 1.3 0-RTT with Origin Backend?" for CF-to-origin communication; not sure on DoT, though.