DNSSEC to be strangled at birth.

Dave Korn dave.korn at artimi.com
Sat Apr 7 06:42:26 EDT 2007


On 06 April 2007 00:50, Paul Hoffman wrote:

>> because, with it, one can sign the appropriate
>> chain of keys to forge records for any zone one likes.
> 
> If the owner of any key signs below their level, it is immediately
> visible to anyone doing active checking. 

  Only if they get sent that particular forged DNS response.  It's more likely
to be targeted.  DHS man shows up at suspect's ISP, with a
signed-below-its-level DNS record (or a whole hierarchy of normally signed
records) to install on just their servers and perhaps even to serve up to just
one of their customers.  Nobody else gets to see it.

>> Plus, now that applications are keeping public keys for services in
>> the DNS, one can, in fact, forge those entries and thus conduct man in
>> the middle surveillance on anyone dumb enough to use DNS alone as a
>> trust conveyor for those protocols (e.g. SSH and quite possibly soon
>> HTTPS).
> 
> ...again assuming that the users of those keys don't bother to look
> who signed them.

  I think that's a safe assumption.  How are these users meant to "look"?
Little lock-icon in the status bar?

> Because I believe that ISPs, not just security geeks, will be
> vigilant in watching whether there is any layer-hopping signing and
> will scream loudly when they see it. AOL and MSN have much more to
> lose if DHS decides to screw with the DNS than anyone on this list
> does. 

  Can I point out that large telecomms corporations have been making a habit
of silently acquiescing to whatever illegal and spuriously-motivated requests
the DHS or anyone else invoking the magic words "war on terror" is capable of
dreaming up?

> Having said that, it is likely that we will be the ones to
> shoot the signal flares if DHS (or ICANN, for that matter) misuses
> the root signing key. But it won't be us that causes DHS to stand
> down or, more likely, get thrown off the root: it's the companies who
> have billions of dollars to lose if the DNS becomes untrusted.

  We already had this with PKI and SSL, and it basically failed.  Works fine
on a small scale in a tightly-disciplined organisation; fails totally to scale
to Joe Internet-User.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
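As an added illustration (my own code, not from either poster or from any DNSSEC implementation) of the "active checking" for layer-hopping signatures discussed above: a validator-side check that flags an RRSIG whose signer's name is an ancestor of the zone that should own the RRset. It assumes the set of zone cuts is already known from NS delegations and, as the thread points out, can only judge the responses the checker itself receives.

```python
# Added example (not from the thread): flag RRSIGs whose signer name sits above
# the zone that should own the RRset, i.e. a key "signing below its level".
from dataclasses import dataclass

def norm(name: str) -> str:
    """Lower-case, absolute form with one trailing dot; the root is '.'."""
    return name.lower().rstrip(".") + "."

def labels(name: str) -> list[str]:
    """'www.example.com.' -> ['com', 'example', 'www']; '.' -> []."""
    return [l for l in norm(name).rstrip(".").split(".") if l][::-1]

def is_ancestor_or_self(zone: str, name: str) -> bool:
    z = labels(zone)
    return labels(name)[:len(z)] == z

def parent(name: str) -> str:
    return ".".join(reversed(labels(name)[:-1])) + "."

def closest_enclosing_zone(owner: str, known_zones: set[str]) -> str:
    """Deepest known zone cut at or above owner (cuts assumed learned from NS delegations)."""
    best = "."
    for zone in known_zones:
        if is_ancestor_or_self(zone, owner) and len(labels(zone)) > len(labels(best)):
            best = norm(zone)
    return best

@dataclass
class RRSIG:
    owner: str    # owner name of the signed RRset
    rrtype: str   # type covered, e.g. "A", "DNSKEY", "DS"
    signer: str   # the RRSIG "signer's name" field

def expected_signer(owner: str, rrtype: str, known_zones: set[str]) -> str:
    # A DS RRset lives in the parent zone, so the parent legitimately signs it.
    if rrtype.upper() == "DS" and norm(owner) in known_zones:
        return closest_enclosing_zone(parent(owner), known_zones)
    return closest_enclosing_zone(owner, known_zones)

def check_rrsig(sig: RRSIG, known_zones: set[str]) -> str:
    zones = {norm(z) for z in known_zones}
    expected = expected_signer(sig.owner, sig.rrtype, zones)
    signer = norm(sig.signer)
    if signer == expected:
        return "ok"
    if is_ancestor_or_self(signer, expected):
        return f"layer-hopping: {signer} signed {norm(sig.owner)} {sig.rrtype} owned by {expected}"
    return f"unrelated signer {signer} for {norm(sig.owner)} {sig.rrtype}"

if __name__ == "__main__":
    # Constructed zone cuts and signatures for demonstration, not real DNS data.
    zones = {".", "com.", "example.com."}
    for sig in (RRSIG("www.example.com.", "A", "example.com."),
                RRSIG("www.example.com.", "A", "."),
                RRSIG("example.com.", "DS", "com.")):
        print(sig, "->", check_rrsig(sig, zones))
```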

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
