DNSSEC to be strangled at birth.

Joe St Sauver joe at oregon.uoregon.edu
Thu Apr 5 11:27:20 EDT 2007


Dave mentioned:
  
#  Can anyone seriously imagine countries like Iran or China signing up to a
#system that places complete control, surveillance and falsification
#capabilities in the hands of the US' military intelligence?  
  
I'm not sure having control of the keys for the root zone would give you
all that. 
  
#  Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread
#non-acceptance.  And unless it's used everywhere, there's very little point
#having it at all.
  
This issue came up on Dave Farber's [IP] list; my comments to him (which
never appeared, perhaps because Dave was already sick of hearing about it,
or simply because my comments were boring :-)) are included below, for 
what they may be worth:
  
Three points to consider about the current DNSSEC "who should sign the 
root?" issue...
  
  1) While DNS is a critical core protocol, and one which has garnered 
     substantial miscreant attention, deployment of DNSSEC to fix some 
     of DNS' current weaknesses is still only embryonic. Most sites on 
     the Internet today neither sign their own zones nor have
     configured their name servers to cryptographically validate others' 
     domains.
  
     Numerical estimates for DNSSEC penetration range from just 0.001% to 
     0.0015% (see slides 74-75 in my "Port 53 Wars" talk, available at
     http://www.uoregon.edu/~joe/port53wars/port53wars.ppt (or .pdf)),
     and the domains that *are* getting secured by DNSSEC are generally
     not the most popular domains, nor the ones which are being used for 
     critical online banking or electronic commerce, nor even those which 
     belong to market-leading (or thought-leading) technology companies.
  
     When DNSSEC is more broadly deployed it will be more practically
     useful; when it is more practically useful, it will be more broadly
     deployed. I'm sure it is no surprise to anyone that Internet 
     bootstrapping can be tough, whether we're talking about IP multicast,
     IPv6, jumbo frames, or, in this case, DNSSEC...
  
     Until substantial adoption does occur, we're largely arguing about 
     a theoretical issue of limited *practical* import. 
  
     If you want to help make DNSSEC (and the issue of who signs the root!) 
     one which *is* practically important, then folks need to *use* DNSSEC:
  
     -- if you operate name servers, configure the name servers you 
        administer to check the DNSSEC signatures of other zones,
  
     -- if you control one or more domains, sign your *own* zones, and
  
     -- talk to critical Internet partners you work with about DNSSEC 
        and the status of *their* name servers and *their* zones 
        (can you imagine the impact if even some of the giants such as 
        Google, Yahoo, CNN, the BBC, Amazon, AOL, IBM, Microsoft, Cisco, 
        WalMart, Citibank, etc., began to actually use -- and actively 
        encourage *others* to use -- DNSSEC?)
  
     DNS server admins who'd like to try DNSSEC can find pointers to 
     recipes for signing their own zones, and recipes for configuring 
     their name servers to check the signatures of others' zones, in my 
     talk at slide 76.
  
  2) So when *will* the question of *who* signs the root become technically
     important? Well, at the risk of offering a semi-tautological answer
     to a semi-rhetorical question, that will probably be when the root
     actually gets signed.
  
     The root zone is NOT signed today, and depending on your perspective, 
     signing of the root is either (a) imminent, or (b) something which may 
     *perpetually* remain at least six months away (see slides 55-58 from 
     my talk).
  
     If I were reading the tea leaves which are currently visible, I 
     think the indicator with the highest predictive value is likely 
     Verisign's February 2007 announcement of Project Titan, a three year 
     (and hundred million dollar) DNS upgrade initiative (see 
     http://www.verisign.com/titan/ ).
  
     I believe their completion of Project Titan may be a de facto 
     precondition for the potential signing of the root, although signing 
     of the root may still not occur even once Project Titan has been 
     completed (DNSSEC is clearly an afterthought when it comes to that 
     expansion effort, not the central operational/business driver).
  
  3) Does this mean the whole matter of who signs the root is a complete
     non-issue? Most emphatically no.
  
     The issue of who signs the root is one which may be trivial as a 
     *practical* *technical* matter *today*, but it is one which is 
     potentially *huge* as a matter of policy and precedent, and as a 
     *longer term* practical technical issue, and as an issue which 
     has the potential to halt, slow, or potentially fragment DNSSEC's 
     actual deployment.
  
     If the issue of who signs the root cannot be consensually resolved,
     the most likely impact will be for DNSSEC adopters to move from
     a trust model rooted at "." to a trust model rooted at the TLD level. 
     Now, instead of having a minimal number of keys to juggle, sites 
     would be facing a far larger number of islands of trust, each
     with their own keys.
  
     Even with just DNSSEC's limited deployment to date, we already know 
     that when faced with the prospect of managing a large number of keys,
     adopters will turn to trusted third party brokers who *are* willing 
     to cryptographically vouch for multiple keys (for example see the 
     discussion of islands of trust and Domain Lookaside Validation (DLV) 
     at slides 59-61).
  
Bottom line, my belief is that ultimately the root *will* end up being 
signed. If the community viscerally or intellectually doesn't like the 
party providing that signature, the unhappy parts of the community have 
a number of options, including:
  
   -- they can ignore DNSSEC, not checking DNS signatures on their name 
      servers and not signing their own zones (remember that this is the
      default option selected by 99.999% of the online world right now, 
      including virtually everyone who may be reading this note)... but
      I think that would be... unfortunate.
  
   -- they can "hold their nose" and proceed (even if they're uncomfortable),
      using the default signed root unless/until some abuse of trust occurs 
      (and presumably everyone would be watching quite closely for any
      sign of inappropriate behavior, and presumably the party that 
      ultimately signs the root would know that and hopefully behave 
      accordingly)
  
   -- they can deploy a DLV-like solution, trusting a third party commercial
      or non-profit entity (or even some other government) to act as what 
      amounts to an alternative DNSSEC root-like trust anchor, or
  
   -- they can devote a tremendous amount of time and effort to arguing a 
      battle about who signs the root, potentially ultimately achieving a 
      Pyrrhic victory.
  
Given those options, and the current realities of DNSSEC deployment today, 
I'd suggest that people not devote their primary attention and energy to 
worries about whether or not a disliked or liked national authority 
ultimately signs the root, but rather I'd suggest that folks focus on 
whether or not DNSSEC ends up taking off at all. If you want DNSSEC to 
succeed, use it, talk about it, and write code to take advantage of its 
capabilities. Ultimately I believe the turf wars which may come up can be 
settled one way or another.
  
Regards,
  
Joe St Sauver (joe at oregon.uoregon.edu)
http://www.uoregon.edu/~joe/
Disclaimer: all opinions strictly my own
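The three trust models the post contrasts (a signed and anchored root, per-TLD "islands of trust", and a DLV-style lookaside registry) as an added toy validator; this is example code written for this page, not the author's, and the zone names, keys and digests are constructed rather than real DNS data. It assumes a simplified DS (SHA-256 over owner name and key material) and a lookaside registry modelled as a dict of zone to digest.

```python
import hashlib

# Constructed toy zone data, not real DNS records. Each signed zone has a KSK
# (a string standing in for DNSKEY rdata); a parent vouches for a signed child
# by publishing a DS record (a digest of the child's key) in the parent zone.
KSK = {
    ".": "root-ksk", "org.": "org-ksk", "se.": "se-ksk",
    "example.org.": "example-org-ksk", "bank.se.": "bank-se-ksk",
}

def ds_digest(zone: str, key: str) -> str:
    """Simplified DS digest: SHA-256 over owner name and key material."""
    return hashlib.sha256(f"{zone}|{key}".encode()).hexdigest()

# DS records keyed by child zone (published by that child's parent).
# "se." has no DS in the root on purpose: it is an island of trust.
DS = {z: ds_digest(z, KSK[z]) for z in ("org.", "example.org.", "bank.se.")}

def chain(zone: str) -> list:
    """Zones from the root down to `zone`, e.g. ['.', 'org.', 'example.org.']."""
    path = [zone]
    while zone != ".":
        zone = "." if zone.count(".") == 1 else zone.split(".", 1)[1]
        path.append(zone)
    return path[::-1]

def validate(zone: str, anchors: dict, dlv: dict = None) -> str:
    """Return 'secure', 'bogus' or 'insecure' for the toy chain of trust.
    anchors: zone -> trusted KSK (like BIND trusted-keys); dlv: zone -> digest
    published by a lookaside registry, used when no anchor covers the name."""
    path, dlv = chain(zone), dlv or {}
    for i in range(len(path) - 1, -1, -1):            # nearest anchor wins
        z = path[i]
        if z in anchors:
            if anchors[z] != KSK.get(z):
                return "bogus"                        # anchor mismatches the zone key
            break
        if z in dlv:                                  # lookaside record acts like a DS
            if dlv[z] != ds_digest(z, KSK.get(z, "")):
                return "bogus"
            break
    else:
        return "insecure"                             # nothing above this name is trusted
    for child in path[i + 1:]:                        # walk the delegations downward
        if child not in DS:
            return "insecure"                         # no DS in parent: unsigned delegation
        if DS[child] != ds_digest(child, KSK[child]):
            return "bogus"                            # DS does not match the child's key
    return "secure"

ROOT_ANCHOR = {".": KSK["."]}                         # a signed, anchored root
ISLANDS = {"org.": KSK["org."], "se.": KSK["se."]}    # 2007-style per-TLD anchors
DLV_REGISTRY = {"se.": ds_digest("se.", KSK["se."])}  # third party vouching for .se
```

With only the root anchor, a TLD that the root does not vouch for stays an unvalidated island; per-TLD anchors or the lookaside registry close that gap at the cost of more keys to manage.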

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
