DNSSEC to be strangled at birth.
Paul Hoffman
paul.hoffman at vpnc.org
Thu Apr 5 20:30:53 EDT 2007
At 7:54 PM -0400 4/5/07, Thor Lancelot Simon wrote:
>On Thu, Apr 05, 2007 at 04:49:33PM -0700, Paul Hoffman wrote:
>>
>> >because, with it, one can sign the appropriate
>> >chain of keys to forge records for any zone one likes.
>>
>> If the owner of any key signs below their level, it is immediately
>> visible to anyone doing active checking. The root signing furble.net
>> instead of .net signing furble.net is a complete giveaway to a
>> violation of the hierarchy and an invitation for everyone to call
>> bullshit on the signer. Doing so would completely negate the value of
>> owning the root-signing key.
>
>You're missing the point. The root just signs itself a new .net key,
>and then uses that to sign a new furble.net key, and so forth. No
>unusual key use is required.
And you seem to be missing my point. If the root signs itself a new
.net key, it will be completely visible to the entire community using
DNSSEC. The benefit of doing so in order to forge the key for
furble.net (or microsoft.com) will be short-lived, as will the
benefit of owning the root key.
>It's a hierarchy of trust: if you have the top, you have it all, and
>you can forge anything you like, including the keys used to sign the
>application key records used to encrypt user data, where they are
>present in the system.
The only reason for concern is if the top of the hierarchy can forge
without people noticing, or if, when people notice, they won't care. I
claim that that isn't possible, particularly if the root owner is
someone as unloved as USDHS.
--Paul Hoffman, Director
--VPN Consortium
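One concrete form of the "active checking" referred to above, as an added example that is not part of this thread or of any DNSSEC implementation: a checker that verifies every DS record sits in the child's direct parent zone, matches the child's published DNSKEY, and agrees with a digest the checker pinned out of band earlier. The zone names, keys and the check_chain helper are constructed for illustration; the DS digest computation follows RFC 4034.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire form of an owner name (RFC 4034 section 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def ds_digest(owner, flags, algorithm, pubkey):
    """DS digest type 2: SHA-256 over owner name || DNSKEY RDATA (protocol 3)."""
    rdata = struct.pack("!HBB", flags, 3, algorithm) + pubkey
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def parent_of(zone):
    labels = zone.strip(".").split(".")
    return ".".join(labels[1:]) + "." if len(labels) > 1 else "."

def check_chain(dnskeys, ds_records, pinned):
    """dnskeys: {zone: (flags, alg, pubkey)} as served by each zone.
    ds_records: [(publishing_zone, child_zone, digest)] as served.
    pinned: {zone: digest} the checker recorded out of band earlier.
    Returns findings; an empty list means the chain is consistent."""
    findings = []
    for publisher, child, digest in ds_records:
        if publisher != parent_of(child):
            findings.append(f"hierarchy violation: {publisher} holds DS for {child}")
        if child in dnskeys and digest != ds_digest(child, *dnskeys[child]):
            findings.append(f"DS for {child} does not match its DNSKEY")
        if child in pinned and digest != pinned[child]:
            findings.append(f"DS for {child} differs from pinned baseline")
    return findings

# Constructed sample keys (flags 257 = KSK, algorithm 8); not real zone keys.
NET_KEY = (257, 8, bytes(range(1, 33)))
ROGUE_NET_KEY = (257, 8, bytes(range(65, 97)))
FURBLE_KEY = (257, 8, bytes(range(33, 65)))

def honest_chain():
    dnskeys = {"net.": NET_KEY, "furble.net.": FURBLE_KEY}
    ds = [(".", "net.", ds_digest("net.", *NET_KEY)),
          ("net.", "furble.net.", ds_digest("furble.net.", *FURBLE_KEY))]
    return check_chain(dnskeys, ds, {"net.": ds_digest("net.", *NET_KEY)})

def rogue_root_chain():
    """The scenario debated: the root swaps in its own .net key and also
    publishes a DS for furble.net itself instead of letting .net do it."""
    dnskeys = {"net.": ROGUE_NET_KEY, "furble.net.": FURBLE_KEY}
    ds = [(".", "net.", ds_digest("net.", *ROGUE_NET_KEY)),
          (".", "furble.net.", ds_digest("furble.net.", *FURBLE_KEY))]
    return check_chain(dnskeys, ds, {"net.": ds_digest("net.", *NET_KEY)})
```

The swapped .net key is only caught by the pinned baseline, since the rogue DS and rogue DNSKEY agree with each other; that is why the baseline has to come from an independent observation rather than from the same chain.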
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com