[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

Phillip Hallam-Baker phill at hallambaker.com
Tue Aug 4 11:09:48 EDT 2015


On Sun, Aug 2, 2015 at 11:56 AM, Dan McDonald <danmcd at kebe.com> wrote:

> On 1 August 2015 at 21:27, ianG <iang at iang.org> wrote:
> > Can anyone suggest a way to get around this?  I think this really puts a
> > marker on the map - you simply can't do a security/crypto protocol under
> > rough consensus in open committee, when there is an attacker out there
> > willing to put in the resources to stop it.
> >
> > Thoughts?
>
> It's a problem, like terrorism is a real problem.  ALSO like terrorism,
> the mere threat of such a problem can be used by people with strong NIH
> infections to push their own terrible alternatives simply by waving the
> threat of the "rough consensus attacker" around.
>
> This has happened in Real Life before, and it will happen again.  It
> doesn't diminish the actual problem of a rough-consensus attack, but the
> concept is ripe for hiding other abuses.  (Were I a real tinfoil-hat-wearer,
> I might argue a rough consensus attacker would use NIH fanatics as a second
> prong.)


I am very sure I have seen exactly that.

Back in 2000, after VeriSign bought Network Solutions, Warwick Ford and
I took a look at what it would take to deploy DNSSEC, which was one of
the main reasons behind the purchase. There was a huge scalability problem
in the spec which required an NSEC record to be inserted for every record
in the zone.

The DNSSEC code was written and would have deployed when VeriSign deployed
ATLAS in 2002. The only reason that code was pulled was that a faction in
the IETF refused to allow a very minor change to the DNSSEC spec so that
NSEC would only cover signed zones.

The extra cost of the original approach was over $30 million as it would
require the use of 64-bit machines rather than 32-bit. The choice was
between modified DNSSEC and no DNSSEC at all. But the NSA BULLRUN folk were
able to derail the discussion and block the change. They also made sure
ICANN would not permit deployment of any DNSSEC scheme that was not IETF
approved.

The spec was eventually fixed, many years later. But that is why you don't
have security in the DNS today. The difficulty of deploying an
infrastructure change like that goes up the longer deployment is delayed.