DNSSEC to be strangled at birth.
Simon Josefsson
simon at josefsson.org
Thu Apr 5 16:47:30 EDT 2007
Paul Hoffman <paul.hoffman at vpnc.org> writes:
> At 5:51 PM +0100 4/4/07, Dave Korn wrote:
>> Can anyone seriously imagine countries like Iran or China signing up to a
>>system that places complete control, surveillance and falsification
>>capabilities in the hands of the US' military intelligence?
>
> No.
>
> But how does having the root signing key allow those?
>
> Control: The root signing key only controls the contents of the root,
> not any level below the root.
...
> Falsification: This is possible but completely trivially detected (it
> is obvious if the zone for furble.net is signed by . instead of
> .net). Doing any falsification will cause the entire net to start
> ignoring the signature of the root and going to direct trust of the
> signed TLDs.
If you control the root signing key, you can sign a new zone key for,
e.g., '.com' and then create whatever content you want, e.g.,
'example.com' and sign it with your newly created '.com' zone key.
The signatures would chain back and verify to the root key.
However, in practice I don't believe many will trust the root key
alone -- for example, I believe most if not all Swedish ISPs would
configure in trust of the .se key as well. One can imagine a
web-of-trust based key-update mechanism that avoids the need to trust
a single root key.
/Simon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list