[Cryptography] Cipher death notes

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Apr 6 03:51:22 EDT 2015


Phillip Hallam-Baker <phill at hallambaker.com> writes:

>The second question is one that the folk who think DNSSEC is a mechanism for
>securing the DNS have never really had an answer for. What do I do if the
>DNSSEC chain does not validate?

DNSSEC is interesting in that the further you get from the DNS core (the root
servers), the more it goes from being a highly-esteemed security measure to an
annoying PITA.  In other words the closer it gets to contact with IT reality,
the less well it functions.  Take your typical end user, who wants a buy one
of whatever it is you buy your kids this year, tries to connect to
www.thingstobuyyourkid.com, and gets told "The primary main processing cores
cross linked with a redundant melacortz ramistat and fourteen kiloquad
interface modules report that the core elements based on FTL nanoprocessor
units arranged into twenty-five bilateral kelilactirals with twenty of those
units being slaved to the central heisenfram terminal have said that you can't
visit this site, continue anyway Y/N?".  About, oh, ten out of ten users will
continue anyway.  Heck, I'm a security geek and I would continue past the
error, but for entirely different reasons, I know that about 99.9% of DNSSEC
failures are due to misconfigurations, software incompatibility, and other
FPs, so looking at the odds I know it's almost certainly just another FP and I
can ignore it.

Here's another one... this is a list full of security geeks, so lets do a
quick (virtual) show of hands:

- How many people have at some point received signed email (S/MIME, PGP,
  whatever)?

- Of the above, how many people have been warned about some sort of validation
  failure in said signed email (expired cert, couldn't find the key, signature
  didn't validate, couldn't find gpg for the validation, etc)?

- Of the above again, how many people immediately deleted the email without
  looking at it (it could be a drive-by download/infection)?

I would guess that by the time you've got to the third question, you'd be down
to zero people (I've been waiting for an excuse to do this poll in a roomful
of people at a security conference, just need to get the right talk to ask it
at).

Designing a security mechanism that doubles as a self-inflicted DoS pretty
much guarantees it's going to be disabled by anyone who has a choice.

Peter.


More information about the cryptography mailing list