Re: [Asrg] DNSSEC is NOT secure end to end (more tutorial than debating)

Richard Barnes <rbarnes@bbn.com> Tue, 02 June 2009 15:41 UTC

To: Thierry Moreau <thierry.moreau@connotech.com>
Cc: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, Christian Huitema <huitema@windows.microsoft.com>, Francis Dupont <Francis.Dupont@fdupont.fr>, "ietf@ietf.org" <ietf@ietf.org>, Anti-Spam Research Group - IRTF <asrg@irtf.org>

> I guess what Masataka was referring to is a different source of 
> variance, i.e. an impersonation of JPNIC's authority over its domain of 
> control (using a compromised JPNIC's private key).

This is still just an extension of the trust you already have in your 
parent domains.  You already have to trust that a parent domain's 
servers aren't going to be subverted and used to provide false answers. 
And since the most likely way for a DNSSEC key to get compromised is
for it to be stolen (rather than cracked via the public key or 
signatures), these two levels of trust turn out to be the same.

(In fact, a wily attacker would just use his access to the zone to make 
his changes, rather than having to spoof every client / resolver / cache 
individually.)

There really is very little new here, in terms of the trust that's being 
placed in zone maintainers.  It's just that DNSSEC now allows you to
have the maintainers (which you already trust, see above) protect the 
integrity of records they send to you as they go across the wire.

(That is: You already trust the zones above you to maintain the 
integrity of the zone on the *server*; DNSSEC just extends that 
protection on the *wire*.)

--Richard