[Cryptography] DNSSEC = completely unnecessary + a bad idea?

Greg greg at kinostudios.com
Mon Nov 4 20:18:18 EST 2013


> When one defines all problems to be nails, the solution will always
> be a hammer, and people making axes will appear to be wasting their
> time.

Here, I agree with you.

Where we disagree is in what we consider to be nails, hammers, and axes.

Finding good documentation on DNSSEC has proven to be difficult, but as far as I can tell, DNSSEC appears to be a sort of Frankenstein re-implementation of the authentication aspects of SSL/TLS.

I've yet to see any compelling case that this is not so.

> - You're trying to secure HTTP over TLS.

Well, duh. That's the bare minimum.

> - You assume the destination website has a certificate from a trusted public CA.
> - You assume that the HTTPS client does not trust any rogue CAs.
> - You assume that the CA issued the certificate based on criteria stronger
>  than verifying that the requestor seems to control the DNS for the domain.
> - You assume that CA certificates assert a stronger claim than domain
>  ownership, i.e. some sort of brand validation, as in EV certificates.

> - You're only trying to secure the small minority of HTTP sites with EV
>  certificates for brand-name domains.

These are all basically the same issue (as far as I can tell), not five separate ones.

This issue (trust), has not been solved by HTTPS.

HTTPS does not guarantee trust.

Neither does DNSSEC though! (as far as I can tell)

DNSSEC appears to be doing basically the same type of "chain of trust" thing that CAs provide (and in a terribly broken way, I might add).

As far as I've been able to understand, it wants a trusted "root":

"So we need a way to have trusted keys (anchors) sign further keys, in hopes of one day having a signed root."

That's crazy-talk!

Who wants "a signed root"?!? I don't! Neither should anyone else!

Haven't we learned from HTTPS that trusting root CAs is a bad idea?

DNSSEC doesn't:

- encrypt your requests
- encrypt your data
- protect you from compromised root keys

What good is it?

Private keys should be treated nonchalantly. If one is compromised, the consequences shouldn't be dire or a pain-in-the-a**. Why? Because private key compromise _will happen_, especially with systems like DNSSEC and HTTPS that put so much importance on them.

And these guys are seriously trying to coordinate an "international effort" to switch to such a broken system?? Give me a break!

I can only hope that the complexity of DNSSEC, and the quarreling over who gets control over the master keys will keep it from ever being adopted or taken seriously.

The internet is a *NET*work. There is no place on a network for a single point of failure, and any actor burdened with the responsibility of holding "ultimate trust" _automatically_ and _necessarily_ becomes untrustworthy.

- Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Nov 4, 2013, at 3:55 PM, Viktor Dukhovni <cryptography at dukhovni.org> wrote:

> On Sun, Nov 03, 2013 at 11:33:37PM -0500, Greg wrote:
> 
>> In all my readings on it I kept walking away thinking that I
>> understood its purpose, but I'd then come back at myself with the
>> same question: what does it give us over HTTPS?
> 
> Nothing: provided:
> 
> - You're trying to secure HTTP over TLS.
> - You assume the destination website has a certificate from a trusted public CA.
> - You assume that the HTTPS client does not trust any rogue CAs.
> - You assume that the CA issued the certificate based on criteria stronger
>  than verifying that the requestor seems to control the DNS for the domain.
> - You assume that CA certificates assert a stronger claim than domain
>  ownership, i.e. some sort of brand validation, as in EV certificates.
> - You're only trying to secure the small minority of HTTP sites with EV
>  certificates for brand-name domains.
> - If your protocol is not HTTP, there is no DNS-based indirection from
>  client destination to server domain as with MX or SRV records.
> - ...
> 
> When one defines all problems to be nails, the solution will always
> be a hammer, and people making axes will appear to be wasting their
> time.
> 
>> What say you list? To me, the DNSSEC thing seems like it might
>> be mostly a waste of a bunch of people's time.
> 
> Perhaps the bunch of people "wasting" time on DNSSEC are interested
> in a broader class of problems.
> 
> -- 
> 	Viktor.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
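
The "chain of trust" Greg describes above (trusted anchors signing further keys) and the third bullet in his list (no protection from a compromised root key), as an added example that is not part of Greg's or Viktor's messages. It is a toy model of the DNSSEC key hierarchy written for this page in Go, not code from any DNSSEC implementation: a DS-style trust anchor (a digest of the root KSK), a KSK-signed DNSKEY set per zone, a ZSK-signed DS record in the parent for each child, ZSK-signed data records, and a validator that walks from the anchor down to a leaf record the way a validating resolver does. Ed25519 and the "owner|type|data" encoding stand in for the real RRSIG algorithms and DNS wire format, and the zone names and addresses (".", "example.", "www.example.", 192.0.2.1, 198.51.100.66, 203.0.113.9) are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// rrset is a record set reduced to the bytes that get signed plus its signature.
// Ed25519 and the "owner|type|data" encoding stand in for real RRSIG algorithms and wire format.
type rrset struct {
	owner, typ string
	data, sig  []byte
}

func signSet(owner, typ string, data []byte, priv ed25519.PrivateKey) rrset {
	return rrset{owner, typ, data, ed25519.Sign(priv, append([]byte(owner+"|"+typ+"|"), data...))}
}

func (r rrset) verify(pub ed25519.PublicKey) bool {
	return ed25519.Verify(pub, append([]byte(r.owner+"|"+r.typ+"|"), r.data...), r.sig)
}

// zoneData is what a resolver can fetch for a zone; it holds no private keys.
type zoneData struct {
	name string
	keys rrset            // DNSKEY set: KSK||ZSK public keys, signed by the KSK
	ds   map[string]rrset // DS per child name: sha256(child KSK), signed by this zone's ZSK
	recs map[string]rrset // data records keyed "owner/type", signed by this zone's ZSK
}

func (z *zoneData) ksk() ed25519.PublicKey { return ed25519.PublicKey(z.keys.data[:ed25519.PublicKeySize]) }
func (z *zoneData) zsk() ed25519.PublicKey { return ed25519.PublicKey(z.keys.data[ed25519.PublicKeySize:]) }
func (z *zoneData) kskDigest() []byte      { h := sha256.Sum256(z.ksk()); return h[:] } // DS / anchor form

func genKey() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }

// newZone generates a ZSK, publishes the KSK-signed DNSKEY set, and hands the ZSK private
// key back to the operator; the returned zoneData carries no private material.
func newZone(name string, kskPriv ed25519.PrivateKey) (*zoneData, ed25519.PrivateKey) {
	zskPriv := genKey()
	keys := append(append([]byte{}, kskPriv.Public().(ed25519.PublicKey)...), zskPriv.Public().(ed25519.PublicKey)...)
	z := &zoneData{name: name, ds: map[string]rrset{}, recs: map[string]rrset{}}
	z.keys = signSet(name, "DNSKEY", keys, kskPriv)
	return z, zskPriv
}

// validate walks anchor -> root DNSKEY -> DS -> child DNSKEY -> ... -> leaf RRSIG the way a
// validating resolver does. chain[0] is the root zone; the last zone owns the record.
func validate(anchor []byte, chain []*zoneData, owner, typ string) (string, error) {
	if len(chain) == 0 {
		return "", fmt.Errorf("empty chain")
	}
	for i, z := range chain {
		want := anchor // digest the zone's KSK must match: the anchor for the root, else the parent's DS
		if i > 0 {
			ds, ok := chain[i-1].ds[z.name]
			if !ok || !ds.verify(chain[i-1].zsk()) {
				return "", fmt.Errorf("%s: DS missing or not signed by %s", z.name, chain[i-1].name)
			}
			want = ds.data
		}
		if len(z.keys.data) != 2*ed25519.PublicKeySize || !bytes.Equal(z.kskDigest(), want) {
			return "", fmt.Errorf("%s: DNSKEY set malformed or KSK does not match anchor/DS", z.name)
		}
		// The KSK is now trusted; it vouches for the ZSK only through a valid DNSKEY signature.
		if z.keys.owner != z.name || z.keys.typ != "DNSKEY" || !z.keys.verify(z.ksk()) {
			return "", fmt.Errorf("%s: DNSKEY set not signed by the trusted KSK", z.name)
		}
	}
	leaf := chain[len(chain)-1]
	if r, ok := leaf.recs[owner+"/"+typ]; ok && r.owner == owner && r.typ == typ && r.verify(leaf.zsk()) {
		return string(r.data), nil
	}
	return "", fmt.Errorf("%s %s: record missing or badly signed", owner, typ)
}

// buildChain publishes root -> example. -> www.example. A addr (constructed data) under the
// given root KSK and returns the trust anchor (digest of that KSK) plus the chain.
func buildChain(rootKSK ed25519.PrivateKey, addr string) ([]byte, []*zoneData) {
	root, rootZSK := newZone(".", rootKSK)
	example, exZSK := newZone("example.", genKey())
	root.ds["example."] = signSet("example.", "DS", example.kskDigest(), rootZSK) // parent vouches for child KSK
	example.recs["www.example./A"] = signSet("www.example.", "A", []byte(addr), exZSK)
	return root.kskDigest(), []*zoneData{root, example}
}

func main() {
	rootKSK := genKey() // the one key everything hangs off; below it is also the one that leaks
	anchor, legit := buildChain(rootKSK, "192.0.2.1")
	_, forged := buildChain(rootKSK, "198.51.100.66") // same root KSK, fresh ZSKs and zones: validates
	_, other := buildChain(genKey(), "203.0.113.9")   // different root KSK: rejected at the anchor
	for _, c := range [][]*zoneData{legit, forged, other} {
		fmt.Println(validate(anchor, c, "www.example.", "A"))
	}
}
```

Run with `go run`: the first line is the legitimate answer; the second is the same name resolved through a chain republished by whoever holds the root KSK private key, and it validates, with fresh ZSKs and a fresh example. zone underneath, because the anchor pins nothing but the root KSK; the third is a chain under an unrelated root key, which fails at the anchor. Everything below the anchor is checked link by link: a tampered record, a DS the parent ZSK did not sign, or a DNSKEY set not signed by the KSK the DS names all fail.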
