DNSSEC to be strangled at birth.
Joe St Sauver
joe at oregon.uoregon.edu
Thu Apr 5 11:27:20 EDT 2007
Dave mentioned:
# Can anyone seriously imagine countries like Iran or China signing up to a
# system that places complete control, surveillance and falsification
# capabilities in the hands of the US' military intelligence?
I'm not sure having control of the keys for the root zone would give you
all that.
# Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread
# non-acceptance. And unless it's used everywhere, there's very little point
# having it at all.
This issue came up on Dave Farber's [IP] list; my comments to him (which
never appeared, perhaps because Dave was already sick of hearing about it,
or simply because my comments were boring :-)) are included below, for
what they may be worth:
Three points to consider about the current DNSSEC "who should sign the
root?" issue...
1) While DNS is a critical core protocol, and one which has garnered
substantial miscreant attention, deployment of DNSSEC to fix some
of DNS' current weaknesses is still only embryonic. Most sites on
the Internet today neither sign their own zones nor have
configured their name servers to cryptographically validate others'
domains.
Numerical estimates for DNSSEC penetration range from just 0.001% to
0.0015% (see slides 74-75 in my "Port 53 Wars" talk, available at
http://www.uoregon.edu/~joe/port53wars/port53wars.ppt (or .pdf)),
and the domains that *are* getting secured by DNSSEC are generally
not the most popular domains, nor the ones which are being used for
critical online banking or electronic commerce, nor even those which
belong to market-leading (or thought-leading) technology companies.
When DNSSEC is more broadly deployed it will be more practically
useful; when it is more practically useful, it will be more broadly
deployed. I'm sure it is no surprise to anyone that Internet
bootstrapping can be tough, whether we're talking about IP multicast,
IPv6, jumbo frames, or, in this case, DNSSEC...
Until substantial adoption does occur, we're largely arguing about
a theoretical issue of limited *practical* import.
If you want to help make DNSSEC (and the issue of who signs the root!)
one which *is* practically important, then folks need to *use* DNSSEC:
-- if you operate name servers, configure the name servers you
administer to check the DNSSEC signatures of other zones,
-- if you control one or more domains, sign your *own* zones, and
-- talk to critical Internet partners you work with about DNSSEC
and the status of *their* name servers and *their* zones
(can you imagine the impact if even some of the giants such as
Google, Yahoo, CNN, the BBC, Amazon, AOL, IBM, Microsoft, Cisco,
WalMart, Citibank, etc., began to actually use -- and actively
encourage *others* to use -- DNSSEC?)
DNS server admins who'd like to try DNSSEC can find pointers to
recipes for signing their own zones, and recipes for configuring
their name servers to check the signatures of others' zones, in my
talk at slide 76.
2) So when *will* the question of *who* signs the root become technically
important? Well, at the risk of offering a semi-tautological answer
to a semi-rhetorical question, that will probably be when the root
actually gets signed.
The root zone is NOT signed today, and depending on your perspective,
signing of the root is either (a) imminent, or (b) something which may
*perpetually* remain at least six months away (see slides 55-58 from
my talk).
If I were reading the tea leaves which are currently visible, I
think the indicator with the highest predictive value is likely
Verisign's February 2007 announcement of Project Titan, a three year
(and hundred million dollar) DNS upgrade initiative (see
http://www.verisign.com/titan/ ).
I believe their completion of Project Titan may be a de facto
precondition for the potential signing of the root, although signing
of the root may still not occur even once Project Titan has been
completed (DNSSEC is clearly an afterthought when it comes to that
expansion effort, not the central operational/business driver).
3) Does this mean the whole matter of who signs the root is a complete
non-issue? Most emphatically no.
The issue of who signs the root is one which may be trivial as a
*practical* *technical* matter *today*, but it is one which is
potentially *huge* as a matter of policy and precedent, and as a
*longer term* practical technical issue, and as an issue which
has the potential to halt, slow, or potentially fragment DNSSEC's
actual deployment.
If the issue of who signs the root cannot be consensually resolved,
the most likely impact will be for DNSSEC adopters to move from
a trust model rooted at "." to a trust model rooted at the TLD level.
Now, instead of having a minimal number of keys to juggle, sites
would be facing a far larger number of islands of trust, each
with their own keys.
Even with just DNSSEC's limited deployment to date, we already know
that when faced with the prospect of managing a large number of keys,
adopters will turn to trusted third party brokers who *are* willing
to cryptographically vouch for multiple keys (for example see the
discussion of islands of trust and Domain Lookaside Validation (DLV)
at slides 59-61).
Bottom line, my belief is that ultimately the root *will* end up being
signed. If the community viscerally or intellectually doesn't like the
party providing that signature, the unhappy parts of the community have
a number of options, including:
-- they can ignore DNSSEC, not checking DNS signatures on their name
servers and not signing their own zones (remember that this is the
default option selected by 99.999% of the online world right now,
including virtually everyone who may be reading this note)... but
I think that would be... unfortunate.
-- they can "hold their nose" and proceed (even if they're uncomfortable),
using the default signed root unless/until some abuse of trust occurs
(and presumably everyone would be watching quite closely for any
sign of inappropriate behavior, and presumably the party that
ultimately signs the root would know that and hopefully behave
accordingly)
-- they can deploy a DLV-like solution, trusting a third party commercial
or non-profit entity (or even some other government) to act as what
amounts to an alternative DNSSEC root-like trust anchor, or
-- they can devote a tremendous amount of time and effort to arguing a
battle about who signs the root, potentially ultimately achieving a
Pyrrhic victory.
Given those options, and the current realities of DNSSEC deployment today,
I'd suggest that people not devote their primary attention and energy to
worries about whether or not a disliked or liked national authority
ultimately signs the root, but rather I'd suggest that folks focus on
whether or not DNSSEC ends up taking off at all. If you want DNSSEC to
succeed, use it, talk about it, and write code to take advantage of its
capabilities. Ultimately I believe the turf wars which may come up can be
settled one way or another.
Regards,
Joe St Sauver (joe at oregon.uoregon.edu)
http://www.uoregon.edu/~joe/
Disclaimer: all opinions strictly my own
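The islands-of-trust and DLV discussion in point 3 above, modelled as an added example that is not part of Joe's post or of any DNS software; every zone name, key id and the lookaside registry below is constructed. It counts how many trust anchors a validating resolver must carry under a signed root, under an unsigned root with per-TLD islands, and with a DLV-style registry vouching for those islands.

```python
"""Toy model of the DNSSEC chain of trust a validating resolver walks.
Constructed illustration: zone names and key ids are made up, and DS/DNSKEY
records are reduced to 'which key id does the parent vouch for'."""
from dataclasses import dataclass, field

@dataclass
class Zone:
    key: str = ""                            # this zone's KSK id; "" = unsigned
    ds: dict = field(default_factory=dict)   # child name -> key id the parent vouches for

def parent_of(name):
    return name.split(".", 1)[1] or "."

def chain_to(name):
    """Zones from the root down to `name`, e.g. ['.', 'com.', 'bank.com.']."""
    chain = []
    while True:
        chain.append(name)
        if name == ".":
            return chain[::-1]
        name = parent_of(name)

def validate(name, zones, anchors, dlv=None):
    """True if a resolver configured with the key ids in `anchors` (and an
    optional DLV registry zone, trusted only if its key is an anchor) can
    build an unbroken chain of trust from some anchor down to `name`."""
    parent_trusted = False
    for zone in chain_to(name):
        key = zones.get(zone, Zone()).key
        parent_trusted = bool(key) and (
            key in anchors                                              # direct anchor
            or (parent_trusted and zones[parent_of(zone)].ds.get(zone) == key)  # DS from parent
            or (dlv is not None and dlv.key in anchors and dlv.ds.get(zone) == key))  # lookaside
    return parent_trusted

def islands(zones):
    """Signed zones that no signed parent vouches for: each one is a separate
    island of trust needing its own anchor (or a DLV entry)."""
    return sorted(n for n, z in zones.items() if z.key and n != "." and
                  zones.get(parent_of(n), Zone()).ds.get(n) != z.key)

def build(root_signed):
    """Two signed TLDs with one signed child each; the root may be unsigned."""
    zones = {"com.": Zone("com-ksk", {"bank.com.": "bank-ksk"}),
             "se.": Zone("se-ksk", {"shop.se.": "shop-ksk"}),
             "bank.com.": Zone("bank-ksk"), "shop.se.": Zone("shop-ksk")}
    zones["."] = Zone("root-ksk", {"com.": "com-ksk", "se.": "se-ksk"}) if root_signed else Zone()
    return zones

DLV = Zone("dlv-ksk", {"com.": "com-ksk", "se.": "se-ksk"})   # constructed lookaside registry
LEAVES = ["bank.com.", "shop.se."]

def all_valid(zones, anchors, dlv=None):
    return all(validate(n, zones, anchors, dlv) for n in LEAVES)
```

With a signed root a single anchor validates every leaf; with the root unsigned the same resolver needs one anchor per island (here `['com.', 'se.']`) or a single DLV anchor standing in for them.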
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com