[Cryptography] Certificates and PKI

Viktor Dukhovni cryptography at dukhovni.org
Wed Dec 24 16:59:48 EST 2014

On Wed, Dec 24, 2014 at 02:04:43PM -0500, Paul Wouters wrote:

> >>Ben limits CT transactions to recognized CAs to limit spam to the CA CT
> >>registries. Could the DNS registrars be enlisted as intermediaries in a DNS
> >>based CT registry to similarly limit spam?
> >
> >It seems rather easy, all log submissions of signed DS RRsets can
> >be validated up to the root.

I was just talking about spam prevention, nothing else.  A DS RRset
which validates up to the root, is either not spam, or if it is,
we know whom to blame.

> that does not provide any proof for a parent stealing an entry from your
> domain:
> example.com. IN NS ns1.yournameserver.com.
> example.com. IN DS 1234 8 2 <blob>
> www.example.com. IN A

Do you mean the parent pretending the delegation does not exist,
and returning a signed answer rather than a referral?

The parent can also actively deny the existence of DS records and
make the child zone "insecure".  Signed denial existence of DS RRs
at a delegation can be logged, when there is previous (not expired)
evidence of DS records.

However evidence of the parent serving the child zone, as if no
delegation existed, is more difficult to accomodate in a transparency

> The log
> can only log, the clients/monitors however have some really hard
> decisions to make to distinguish domain ownership change versus hostile
> take-over.

Surely for CT that distinction is not relevant.  CT exposes the
change to anyone who cares, and they decide whether it is legitimate,
and what they want to do about it.

> Additionally, DNS is supposed to work in a split-world, which will
> trigger false positives to the logs unless you can inform the logs
> of such split-view.

Folks operating non-public DNS views, cannot make use of public CT
logs at or below non-public delegations.

> As I said, the A record hostile take over above is the real problem. We
> don't want to start logging every DNS entry. But we would also not want
> to track labels vs zone cuts. I'm not sure yet what the solution should
> be.

An "A" record takeover is more easily done with BGP or other on-path
attacks at the network rather than DNS layer.  A more security-relevant
"takeover" is for "TLSA" records.


More information about the cryptography mailing list