Possibly questionable security decisions in DNS root management

Bill Stewart bill.stewart at pobox.com
Sat Oct 24 19:38:32 EDT 2009


At 12:14 PM 10/22/2009, David Wagner wrote:
>Back to DNSSEC: The original criticism was that "DNSSEC has covert
>channels".  So what?  If you're connected to the Internet, covert
>channels are a fact of life, DNSSEC or no.  The added risk due to any
>covert channels that DNSSEC may enable is somewhere between negligible
>and none, as far as I can tell.  So I don't understand that criticism.

I thought it was also that DSA had covert channels,
but I also don't see why that's as relevant here,
and I share Dave's skepticism about threat models.
It's unlikely that DNSSEC will let you do anything any more heinous
than Dan Kaminsky's streaming-video-over-DNS hacks have already done.

There are two obvious places that data can be leaked -
the initial key signature process, and the DNS client/server process.
If the people who certify the root or TLDs can't be trusted,
the number of those people is small enough that they can simply
send the secret data to their unindicted co-conspirators
without all the trouble of hiding it in a covert channel on a very public 
DNS server.

And if Bad Guys have compromised the software used in a DNS server,
while they could be subtle and hide data in DSA signatures of DNS records,
it would be much easier to just send it as data if the query
has the evil bit set or asks for covertchannel1.com or whatever.
There's plenty of room in the formats even without DSA.



---------------------------------------------------------------------
The Cryptography Mailing List