[Cryptography] Against against DNS (Re: New SSL/TLS certs to each live no longer than 47) days by 2029

Ron Garret ron at flownet.com
Mon May 5 15:43:10 EDT 2025


> On May 4, 2025, at 10:23 PM, Jon Callas <jon at callas.org> wrote:
> 
>> On May 4, 2025, at 19:42, jrzx <jrzx at protonmail.ch> wrote:
>> 
>> 
>> DNS is inherently vulnerable to governments hijacking domain names, and it is a big problem.  It would seem also inherently vulnerable to man in the middle attacks, but this does not seem to be a problem.  What prevents that from being a problem?
> 
> There are many reasons, in my opinion. They fall into two broad categories, and I'll go into each of them. They are:
> 
> * How an MiTM works. (Spoiler: not the way most people think.)
> * How DNS (and TLS) works. (Spoiler: not the way most people think.)

This was a really great summary.  But I would like to push back a little against this:

> Moreover, there are scores of impersonation attacks that are devastating, and not MiTMs. In a real-world example, there was a phishing operation that used a spoofed retailer. As I remember it, the retailer was Amazon, and let's just call the spoof 4mazon (in my mind, I pronounce it "Formazon").

Spoofs can indeed be very harmful, but at least there is the *possibility* of mitigating them by paying attention to what is in your browser's address bar, or only navigating to mission-critical sites through a curated set of bookmarks.  Those mitigations are not effective against MITM attacks.  With an MITM attack, I can go to the actual URL of my bank, verify that the IP address is the same as it was the last time I actually talked to my bank, see a site that is totally indistinguishable from my bank's actual web site, and still be compromised.  There is absolutely no way for me to tell.  With SSL in the loop, there is, at least potentially, a way for me to tell if I'm actually talking to my bank or not.  More specifically, I can tell if I'm talking to someone who possesses a certain secret, and they can verify this without revealing what that secret actually is, even to an MITM adversary.  And if they do verify this, then we can use this secret to establish a comms channel that is secure even against an MITM adversary.  The power of that capability should not be underestimated.

Yes, MITM is harder than spoofing even without SSL.  But MITM is more effective and so can be profitably deployed against higher-value targets.  Personally, I want to defend against that.  Having someone buy a big-screen TV on my credit card is annoying but not catastrophic.  Having them wire all the money in my bank to the Cayman Islands is a whole nuther level of hurt.

rg
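
The capability described in the message above (proving possession of a secret without revealing it, then keying a channel from that proof) can be sketched as a signed key exchange. This is an added example, not part of the original post: the group, the Schnorr-style signature and all function names are assumptions chosen for illustration, standing in for a certificate-authenticated TLS handshake with a pinned server key.

```python
# Added illustration, not from the thread. Toy parameters: a Schnorr signature
# over Z_p* stands in for the server's certificate key. NOT secure for real use.
import hashlib
import secrets

P = 2**521 - 1  # Mersenne prime; exponents are reduced mod P-1 (Fermat)
G = 3

def H(*parts):
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)  # (secret, public)

def sign(x, msg):
    k, r = keygen()  # fresh nonce k and commitment r = G^k
    return r, (k + H(r, msg) * x) % (P - 1)  # x itself is never sent

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, H(r, msg), P)) % P

def server_hello(priv, share_seen):
    # The server signs the exact pair of key shares it saw and sent.
    b, B = keygen()
    return b, B, sign(priv, H(share_seen, B))

def client_finish(pinned_pub, a, A, B, sig):
    # The client checks the signature over ITS view of the transcript.
    if not verify(pinned_pub, H(A, B), sig):
        return None  # abort: peer did not prove possession of the secret
    return pow(B, a, P)

def handshake(mitm=False):
    """Return (client_key, server_key); client_key is None on abort."""
    srv_priv, srv_pub = keygen()
    a, A = keygen()
    if not mitm:
        b, B, sig = server_hello(srv_priv, A)
        return client_finish(srv_pub, a, A, B, sig), pow(A, b, P)
    # Interceptor swaps in its own share M in both directions and can only
    # relay the server's signature, which covers (M, B) rather than (A, M).
    m, M = keygen()
    b, B, sig = server_hello(srv_priv, M)
    return client_finish(srv_pub, a, A, M, sig), pow(M, b, P)

if __name__ == "__main__":
    print("direct:", handshake()[0] is not None)
    print("intercepted:", handshake(mitm=True)[0] is not None)
```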


