[Cryptography] DNSSEC = completely unnecessary?

Nico Williams nico at cryptonector.com
Mon Nov 4 15:27:32 EST 2013


On Mon, Nov 04, 2013 at 10:33:11AM -0500, Greg wrote:
> > It's true as we bolt more and more stuff into HTTP Headers (HSTS,
> > Public Key Pinning, etc) the value of DNSSEC _for HTTPS_ goes down.
> > But there is still value there to be gained for other protocols,
> > nearly all of which bootstrap off DNS.
> 
> I'm curious, what are these other protocols, and why can't they be
> secured simply by using SSL/TLS + some type of cert. verification?

"some type of cert. verification" is exactly what goes on.  And it's
weak.  It's weak because:

 - there's no single root for the PKI and it's not hierarchical -- there
   are many, many roots that can MITM each others' customers to their
   relying parties, and,

 - name constraints didn't get implemented

Whereas DNSSEC gets both of those things right from the word 'go'.
There may be multiple registrars for a zone, and often there are, but
it's not possible for each registrar to issue MITM certificates, say,
and you'll notice immediately if a registrar steps on another's (and
their customers') toes.

> Let's say that they can, and that it takes 1000 man hours to do this.

It's done, and has been for a long time.  It sucks.

> Let's also assume that it takes 10x as much time to implement
> widespread DNSSEC use. Then why are we wasting all those man hours on
> implementing DNSSEC instead of using them to add SSL/TLS + cert.
> verification to other protocols?

Because the TLS server PKI isn't, and it sucks.

DNSSEC doesn't take 10x more time and effort to implement and deploy
than the TLS server PKI.  Deployment of anything new like this is
asymptotic, but eventually we'll get close enough.

> Why is anyone still using HTTP?!? It's 2013!

Because encrypting everything is expensive (computationally, which is to
say: expensive in terms of *energy*, which is to say expensive as in
$$$$).  Static content should simply be hashed and their hashes be
included in the hrefs to the static content, all of this built into
Merkle hash chains, effectively, and only dynamic content and static
content roots encrypted and authenticated.

> Why does it cost any money to get an HTTPS cert?

Because you want assurance that the certified key corresponds to the
certified name.  Verifying ownership of names is hard.

Security is not cheap, much less free.  Backing the whole enchilada are
the law and courts (including international law).  None of it cheap or
free.

Nico
-- 
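
The scheme described above for static content (hashes carried in the hrefs, chained Merkle-style, with only the root authenticated), as an added example that is not part of the original message. The `#sha256=` href convention, the function names and the sample site are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed href convention (hypothetical): href="<path>#sha256=<hex digest>"
PLAIN = re.compile(r'href="([^"#]+)"')
LINK = re.compile(r'href="([^"#]+)#sha256=([0-9a-f]{64})"')

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def publish(pages, root):
    """Rewrite plain hrefs bottom-up into hash-bearing ones (links must form a DAG).

    Returns (store, root_digest); only root_digest needs an authenticated channel.
    """
    store = {}
    def build(path):
        if path not in store:
            store[path] = PLAIN.sub(
                lambda m: 'href="%s#sha256=%s"' % (m.group(1), digest(build(m.group(1)))),
                pages[path])
        return store[path]
    build(root)
    return store, digest(store[root])

def verify(fetch, root, trusted_root_digest):
    """Walk from the authenticated root over an untrusted fetch(); return failing paths."""
    bad, seen, todo = [], set(), [(root, trusted_root_digest)]
    while todo:
        path, want = todo.pop()
        if (path, want) in seen:
            continue
        seen.add((path, want))
        body = fetch(path)
        if body is None or digest(body) != want:
            bad.append(path)  # links inside unverified content are not followed
            continue
        todo.extend(LINK.findall(body))
    return sorted(bad)

SITE = {  # constructed sample content
    "/index.html": '<a href="/docs.html">docs</a> <link href="/style.css">',
    "/docs.html": '<link href="/style.css"> <script href="/app.js"></script>',
    "/style.css": "body { margin: 0 }",
    "/app.js": "console.log('hi')",
}
STORE, ROOT_DIGEST = publish(SITE, "/index.html")

def tampered_fetch(path):
    # Models plaintext HTTP where one static file is modified in transit.
    return STORE[path] + "/* injected */" if path == "/app.js" else STORE.get(path)
```

Changing any file changes every digest on the path up to the root, so a verifier holding only the authenticated root digest detects modification of anything reachable from it.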

