DNSSEC to be strangled at birth.

Nicolas Williams Nicolas.Williams at sun.com
Fri Apr 6 11:49:07 EDT 2007


On Thu, Apr 05, 2007 at 04:49:33PM -0700, Paul Hoffman wrote:
> At 7:26 PM -0400 4/5/07, Thor Lancelot Simon wrote:
> >On Thu, Apr 05, 2007 at 07:32:09AM -0700, Paul Hoffman wrote:
> >> Control: The root signing key only controls the contents of the root,
> >> not any level below the root.
> >
> >That is, of course, false,
> 
> This is, of course, false. In order to control the contents of the 
> second level of the DNS, they have to either change the control of 
> the first level (it's kinda obvious when they take .net away from 
> VeriSign) or they have to sign across the hierarchy (it's kinda 
> obvious when furble.net is signed by someone other than .net).

Think of the DNSSEC root as the root CA of a universal PKI (finally).

The root CA of any PKI can act as an MITM between any pair of peers in
that PKI, no matter how many intervening CAs there may be between the
root and each peer.

The problem with wanting the DNSSEC root keys for facilitating MITM
attacks is that people are likely to notice, and secrecy is typically
something that an MITM attacker wants.  To avoid detection the MITM
would have to get between the target client and all of DNS; and that's
difficult because typically clients get DNS cache service from their
immediate network service provider -- which cache the MITM does not want
to pollute, so as to avoid discovery...

Which means that the MITM would need the cooperation of the client's
provider in many/most cases (a political problem) in order to be able to
quickly get in the middle so close to a leaf node (a technical problem).

Then there's the need to scale this -- if you can only use this MITM
capability occasionally, what's the point?  And what targets would DHS
have that it could subvert in this way but not in other, simpler ways?
Criminals?  Not likely (besides, isn't that DoJ's job?).  Spies?  Less
likely.  Clients abroad?  Less likely still.  Dumb spies/criminals?
Well, there'd be other ways to attack those.

IMO, DHS gets too little real value from having the DNSSEC root keys in
terms of MITM attack capability.

And it will not get much value in terms of DoS attacks on, say, ccTLDs
-- alternate roots would spring up and if the DoS were widely seen as
unjustified most of the world outside the U.S. would end up using the
alternate root.  A DoS on a ccTLD would be a one-time deal, politically.

The DHS would get real value in terms of veto power over new TLDs, IFF
it is the only one to possess the root private key.  But that's not what
the story said, IIRC.

The real problem with DHS having these keys in _addition_ to ICANN is
that the more fingers in the pie the more likely it is that the key will
be breached, leading to key rollover.

I must admit that I am mystified as to why DHS would want these keys.
Count me as among those who think the story is in error, or that DHS has
received bad advice.  I am NOT among those who are prepared to believe
the worst of DHS; I expect that those of you more paranoid than I will
discount my analysis of the MITM attack potential.  Or perhaps I
discount the difficulty of pulling off these MITM attacks too much
(perhaps no one would notice cache pollution?).  Tell me.

Nico
-- 
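The two claims Nico makes above (the root key holder can mint a valid-looking chain for any name, however many delegations sit between root and leaf, and the forgery is visible to anyone who compares the keys they see against what the rest of the world sees) can be demonstrated in code. The following is an added example, not code from the original post or from any DNSSEC implementation. It models the delegation chain with Ed25519 keys: each zone signs a DS record (child name plus a hash of the child's key) for its child, and the leaf zone signs the record; zone names, addresses and the `Scenario` helper are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Zone is a signing zone with its DNSKEY pair (names here are hypothetical).
type Zone struct {
	Name string
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

func newZone(name string) Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Zone{Name: name, Pub: pub, Priv: priv}
}

// Link is one delegation: the child's DNSKEY plus the parent's signature over
// the DS record that vouches for it. Chain is the path below the trust anchor
// down to one signed leaf record.
type Link struct {
	Name  string
	Pub   ed25519.PublicKey
	DSSig []byte
}

type Chain struct {
	Links     []Link
	Record    string
	RecordSig []byte
}

// dsBytes is what the parent signs: child name plus a digest of the child key
// (a DS record carries a key digest, not the key itself).
func dsBytes(name string, pub ed25519.PublicKey) []byte {
	sum := sha256.Sum256(pub)
	return append([]byte(name+"|"), sum[:]...)
}

// build has each zone on the path sign its child's DS, then has the leaf zone
// sign the record (the RRSIG).
func build(path []Zone, record string) Chain {
	var c Chain
	for i := 1; i < len(path); i++ {
		parent, child := path[i-1], path[i]
		c.Links = append(c.Links, Link{child.Name, child.Pub,
			ed25519.Sign(parent.Priv, dsBytes(child.Name, child.Pub))})
	}
	c.Record = record
	c.RecordSig = ed25519.Sign(path[len(path)-1].Priv, []byte(record))
	return c
}

// Validate walks the chain the way a resolver does: the anchor must vouch for
// the first key, each key for the next, and the last key for the record.
func Validate(anchor ed25519.PublicKey, c Chain) bool {
	parent := anchor
	for _, l := range c.Links {
		if !ed25519.Verify(parent, dsBytes(l.Name, l.Pub), l.DSSig) {
			return false
		}
		parent = l.Pub
	}
	return ed25519.Verify(parent, []byte(c.Record), c.RecordSig)
}

// Divergence lists zones whose DNSKEY differs between two chains for the same
// name: what a second vantage point (another resolver's cache, or the zone
// operator looking at its own key) would notice.
func Divergence(seen, reference Chain) []string {
	var names []string
	for i, l := range seen.Links {
		if i >= len(reference.Links) || l.Name != reference.Links[i].Name ||
			!bytes.Equal(l.Pub, reference.Links[i].Pub) {
			names = append(names, l.Name)
		}
	}
	return names
}

type Result struct {
	HonestOK, ForgedOK, RogueOK bool
	Diverging                   []string
}

// Scenario: an honest chain, a chain minted from the root key alone (fresh
// .net and furble.net keys, no cooperation from either operator), and a chain
// minted without the root key. Constructed data, not real zones.
func Scenario() Result {
	root, net, furble := newZone("."), newZone("net."), newZone("furble.net.")
	honest := build([]Zone{root, net, furble}, "furble.net. A 192.0.2.1")
	forged := build([]Zone{root, newZone("net."), newZone("furble.net.")},
		"furble.net. A 198.51.100.7")
	rogue := build([]Zone{newZone("."), newZone("net."), newZone("furble.net.")},
		"furble.net. A 198.51.100.7")
	return Result{
		HonestOK:  Validate(root.Pub, honest),
		ForgedOK:  Validate(root.Pub, forged),
		RogueOK:   Validate(root.Pub, rogue),
		Diverging: Divergence(forged, honest),
	}
}

func main() {
	r := Scenario()
	fmt.Printf("honest=%v forged=%v rogue=%v divergent keys at %v\n",
		r.HonestOK, r.ForgedOK, r.RogueOK, r.Diverging)
}
```

The forged chain validates exactly as well as the honest one under the real trust anchor, which is the "root CA can MITM any pair of peers" point; the rogue chain fails at the first link, which is why the root key is the prize. `Divergence` is the detection Nico describes: the forged chain necessarily carries a different DNSKEY for .net and for furble.net than everyone else sees, so it is only stealthy if the attacker can keep it out of every cache the target would otherwise compare against.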

---------------------------------------------------------------------
The Cryptography Mailing List