Open johanix opened 2 months ago
The right thing is likely to hand the KEY bootstrap issue over to something without a time limit, i.e. to a separate goroutine. So the suggested flow is that when a self-signed "ADD KEY" UPDATE arrives from a child, this is handed over to (suggested name) the KeyBootstrapper(), which will implement whatever key bootstrapping policy is requested (multiple queries with sufficient delay, queries over TCP, queries from multiple locations, etc.). Once the KeyBootstrapper() is happy it sends the key over to the Truststore to mark it as trusted (or not, as the case may be).
For a first cut it is sufficient to query for "child.parent. KEY" once if it is DNSSEC-signed below a signed delegation and validation succeeds.
If the KEY record is not signed we must query N times with M seconds in between. M is the lesser of the KEY TTL or a configured delay, i.e. using an algorithm similar to what is suggested in RFC 8078, section 3.3.
Later on we will add the ability to query from multiple vantage points by having one tdns-server request another tdns-server (via API) to look up the KEY RR. See issue #41.
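A sketch of the first-cut policy described in this issue, added here as an illustration and not taken from the tdns code base. The names `Answer`, `Bootstrapper` and `Verify` are hypothetical, the resolver and the delay are injected so the logic runs offline, and treating a published KEY that differs from the one in the UPDATE as "not trusted" is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// Answer is one lookup result for "child.parent. KEY" (hypothetical type).
type Answer struct {
	Key       string        // KEY RDATA in presentation format
	TTL       time.Duration // TTL of the KEY RRset
	Validated bool          // signed below a signed delegation and validation succeeded
}

// Bootstrapper holds the policy; Lookup and Wait are injected so it runs offline.
type Bootstrapper struct {
	N      int           // queries required for an unsigned KEY
	Delay  time.Duration // configured delay; M = lesser of KEY TTL and Delay
	Lookup func(name string) (Answer, error)
	Wait   func(d time.Duration)
}

// Verify reports whether the key from the self-signed UPDATE may be marked trusted.
func (b *Bootstrapper) Verify(name, updateKey string) (bool, error) {
	for i := 1; ; i++ {
		a, err := b.Lookup(name)
		if err != nil || a.Key != updateKey {
			return false, err // lookup failed, or published KEY differs (err is nil)
		}
		if a.Validated || i >= b.N {
			return true, nil // one validated answer, or N consistent unsigned answers
		}
		m := b.Delay
		if a.TTL < m {
			m = a.TTL
		}
		b.Wait(m) // M seconds between queries for an unsigned KEY
	}
}

func main() {
	// Constructed input: an unsigned KEY with a 2s TTL served by a fake lookup.
	b := &Bootstrapper{N: 3, Delay: 10 * time.Millisecond, Wait: time.Sleep,
		Lookup: func(string) (Answer, error) {
			return Answer{Key: "constructed-key", TTL: 2 * time.Second}, nil
		}}
	ok, err := b.Verify("child.parent.", "constructed-key")
	fmt.Println("trusted:", ok, err)
}
```

In the flow the issue proposes, `Verify` would run in its own goroutine per incoming UPDATE and pass the verdict on to the Truststore.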