IETF Logo Mail Archive

Re: [Asrg] DNSSEC is NOT secure end to end

David Wilson <David.Wilson@isode.com> Tue, 09 June 2009 08:18 UTC

Return-Path: <David.Wilson@isode.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5EE053A6E1F for <asrg@core3.amsl.com>; Tue, 9 Jun 2009 01:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d2n95wWaZYOu for <asrg@core3.amsl.com>; Tue, 9 Jun 2009 01:18:27 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id DF8993A6912 for <asrg@irtf.org>; Tue, 9 Jun 2009 01:18:26 -0700 (PDT)
Received: from [192.168.50.2] (82-44-14-207.cable.ubr04.mort.blueyonder.co.uk [82.44.14.207]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <Si4afQAh5Eyb@rufus.isode.com>; Tue, 9 Jun 2009 09:17:01 +0100
From: David Wilson <David.Wilson@isode.com>
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
In-Reply-To: <4A2DA4C8.2000304@necom830.hpcl.titech.ac.jp>
References: <200905302032.n4UKVxaZ048822@givry.fdupont.fr> <4A21C0CB.8070409@necom830.hpcl.titech.ac.jp> <8EFB68EAE061884A8517F2A755E8B60A1EF83F8661@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com> <4A252B54.6020508@necom830.hpcl.titech.ac.jp> <1244061519.2778.62.camel@bravo.isode.net> <4A29EC02.6000807@necom830.hpcl.titech.ac.jp> <1244490849.2822.21.camel@bravo.isode.net> <4A2DA4C8.2000304@necom830.hpcl.titech.ac.jp>
Organization: Isode Limited
Date: Tue, 09 Jun 2009 09:17:00 +0100
Message-Id: <1244535420.2760.64.camel@bravo.isode.net>
X-Mailer: Evolution 2.26.2 (2.26.2-1.fc11)
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: Anti-Spam Research Group - IRTF <asrg@irtf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [Asrg] DNSSEC is NOT secure end to end
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2009 08:18:27 -0000

On Tue, 2009-06-09 at 08:54 +0900, Masataka Ohta wrote:
> > This origin authentication and integrity is precisely what is
> required
> > to avoid the DNS cache poisoning which is the kind of vulnerability
> > which prompted this discussion.
> 
> As has been discussed in the thread, DNSSEC is NOT a protection
> against cache poisoning, because caches poisoned with forged
> certificate breaks the security.
> 
I think you need to explain how this happens in detail. For instance, an
attacker wishes to poison the cache of some ISP's DNS server for
'example.com.". Currently, it gets the server to request information
about example.com from its authoritative server, and sends information
that purports to be from that server. It needs to guess some properties
of the original request, but there have been and are various features of
DNS servers which make this easier than you might think. Without DNSSEC,
the attacked DNS resolver simply accepts the information.

With DNSSEC, a security aware resolver will want to check the signature.
The information is only accepted if the signature checks out, and the
key is trusted. If the key is a trust anchor, then the check is
complete. If not, then the resolver needs to get the DS RR for
example.com from com's DNS server. This information is itself signed
with com's signing key. So, it will not accept that unless it verifies.
If com's signing key is not a trust anchor, then it will get com's DS RR
from the root. Also signed by root, and the root key is probably a trust
anchor.

If any of this information is not available, or is not signed, then the
trust chain is not present, and the original information is not accepted
by the security aware resolver.

So, perhaps you can explain how an attacker can get a security aware
resolver to accept information which will subvert this?

I think you have proposed that an attacker might explicitly subvert the
chain. In this case it would involve getting the com DNS server to
accept a DS RR for example.com. This is altogether harder problem for
the attacker, and is of a significantly different character than cache
poisoning, as it involves actual changes to the DNS servers, rather than
just persuading resolvers to accept incorrect information.

But, perhaps this mechanism would better be reported to people other
than the asrg.

v2.23.0 | Report a Bug | By Email