Re: [Asrg] DNSSEC is NOT secure end to end (more tutorial than debating)
Richard Barnes <rbarnes@bbn.com> Tue, 02 June 2009 15:41 UTC
Return-Path: <rbarnes@bbn.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 026463A69DB; Tue, 2 Jun 2009 08:41:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M0k9GxZtTBSw; Tue, 2 Jun 2009 08:41:31 -0700 (PDT)
Received: from mx11.bbn.com (mx11.bbn.com [128.33.0.80]) by core3.amsl.com (Postfix) with ESMTP id 3FAD33A69B4; Tue, 2 Jun 2009 08:41:31 -0700 (PDT)
Received: from col-dhcp33-244-170.bbn.com ([128.33.244.170] helo=Richard-Barnes-Laptop.local) by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from <rbarnes@bbn.com>) id 1MBW79-0006xb-F6; Tue, 02 Jun 2009 11:41:23 -0400
Message-ID: <4A254823.9000405@bbn.com>
Date: Tue, 02 Jun 2009 11:41:23 -0400
From: Richard Barnes <rbarnes@bbn.com>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: Thierry Moreau <thierry.moreau@connotech.com>
References: <200905302032.n4UKVxaZ048822@givry.fdupont.fr> <4A21C0CB.8070409@necom830.hpcl.titech.ac.jp> <8EFB68EAE061884A8517F2A755E8B60A1EF83F8661@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com> <4A252B54.6020508@necom830.hpcl.titech.ac.jp> <4A2533B3.7070804@bbn.com> <4A25404E.1080601@connotech.com>
In-Reply-To: <4A25404E.1080601@connotech.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Tue, 02 Jun 2009 10:33:52 -0700
Cc: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, Christian Huitema <huitema@windows.microsoft.com>, Francis Dupont <Francis.Dupont@fdupont.fr>, "ietf@ietf.org" <ietf@ietf.org>, Anti-Spam Research Group - IRTF <asrg@irtf.org>
Subject: Re: [Asrg] DNSSEC is NOT secure end to end (more tutorial than debating)
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2009 15:41:32 -0000
> I guess what Masataka was referring to is a different source of > variance, i.e. an impersonation of JPNIC's authority over its domain of > control (using a compromised JPNIC's private key). This is still just an extension of the trust you already have in your parent domains. You already have to trust that a parent domain's servers aren't going to be subverted and used to provide false answers. And since the most likely way for a DNSSEC key to get compromised is for it to be stolen (rather than cracked via the public key or signatures), these two levels of trust turn out to be the same. (In fact, a wily attacker would just use his access to the zone to make his changes, rather than having to spoof every client / resolver / cache individually.) There really is very little new here, in terms of the trust that's being placed in zone maintainers. It's just that DNSSEC now allows you to have the maintainers (which you already trust, see above) protect the integrity of records they send to you as they go across the wire. (That is: You already trust the zones above you to maintain the integrity of the zone on the *server*; DNSSEC just extends that protection on the *wire*.) --Richard
- [Asrg] DNS-based Email Sender Authentication Mech… Amir Herzberg
- Re: [Asrg] DNS-based Email Sender Authentication … Dave CROCKER
- Re: [Asrg] DNS-based Email Sender Authentication … Steve Atkins
- [Asrg] 答复: DNS-based Email Sender Authentication … Sean Shen
- Re: [Asrg] ´ð¸´: DNS-based Email Sender Authentic… grenville armitage
- Re: [Asrg] DNS-based Email Sender Authentication … Jose-Marcio Martins da Cruz
- Re: [Asrg] ´ð¸´: DNS-based Email Sender Authentic… Amir Herzberg
- Re: [Asrg] DNS-based Email Sender Authentication … Douglas Otis
- Re: [Asrg] DNS-based Email Sender Authentication … der Mouse
- Re: [Asrg] DNS-based Email Sender Authentication … John Leslie
- Re: [Asrg] DNS-based Email Sender Authentication … Douglas Otis
- Re: [Asrg] DNS-based Email Sender Authentication … Amir Herzberg
- Re: [Asrg] DNS-based Email Sender Authentication … Douglas Otis
- Re: [Asrg] DNS-based Email Sender Authentication … Jose-Marcio Martins da Cruz
- Re: [Asrg] DNS-based Email Sender Authentication … Chris Lewis
- Re: [Asrg] DNS-based Email Sender Authentication … Amir Herzberg
- Re: [Asrg] DNS-based Email Sender Authentication … Jose-Marcio Martins da Cruz
- Re: [Asrg] DNS-based Email Sender Authentication … Alessandro Vesely
- Re: [Asrg] DNS-based Email Sender Authentication … Dave CROCKER
- Re: [Asrg] DNS-based Email Sender Authentication … Douglas Otis
- Re: [Asrg] DNS-based Email Sender Authentication … Chris Lewis
- Re: [Asrg] DNS-based Email Sender Authentication … Alessandro Vesely
- Re: [Asrg] DNS-based Email Sender Authentication … Douglas Otis
- Re: [Asrg] DNS-based Email Sender Authentication … der Mouse
- Re: [Asrg] rDNS Douglas Otis
- Re: [Asrg] DNS-based Email Sender Authentication … Chris Lewis
- Re: [Asrg] rDNS der Mouse
- Re: [Asrg] DNS-based Email Sender Authentication … John Levine
- [Asrg] DNS over SCTP (was: Re: DNS-based Email Se… Alessandro Vesely
- Re: [Asrg] rDNS Alessandro Vesely
- Re: [Asrg] DNS over SCTP Alessandro Vesely
- Re: [Asrg] DNS over SCTP Alessandro Vesely
- Re: [Asrg] DNS over SCTP (was: Re: DNS-based Emai… SM
- Re: [Asrg] DNS over SCTP Douglas Otis
- Re: [Asrg] rDNS der Mouse
- Re: [Asrg] rDNS Alessandro Vesely
- Re: [Asrg] DNS over SCTP Alessandro Vesely
- Re: [Asrg] DNS over SCTP Alessandro Vesely
- Re: [Asrg] rDNS der Mouse
- Re: [Asrg] DNS-based Email Sender Authentication … Florian Weimer
- Re: [Asrg] DNS-based Email Sender Authentication … Douglas Otis
- Re: [Asrg] DNS over SCTP Douglas Otis
- Re: [Asrg] rDNS discrimination Alessandro Vesely
- Re: [Asrg] DNS over SCTP (was: Re: DNS-based Emai… Stephane Bortzmeyer
- Re: [Asrg] DNS over SCTP Stephane Bortzmeyer
- Re: [Asrg] DNS over SCTP David Conrad
- Re: [Asrg] DNS over SCTP Paul Wouters
- Re: [Asrg] DNSSEC is NOT secure end to end Thierry Moreau
- Re: [Asrg] DNS over SCTP David Conrad
- Re: [Asrg] DNS over SCTP Masataka Ohta
- Re: [Asrg] DNS over SCTP Michael Tüxen
- Re: [Asrg] DNS over SCTP Paul Wouters
- Re: [Asrg] DNS over SCTP (was: Re: DNS-based Emai… Francis Dupont
- Re: [Asrg] DNS over SCTP Francis Dupont
- Re: [Asrg] DNS over SCTP David Conrad
- Re: [Asrg] DNS over SCTP Francis Dupont
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Bill Manning
- Re: [Asrg] DNS-based Email Sender Authentication … Florian Weimer
- Re: [Asrg] DNSSEC is NOT secure end to end Francis Dupont
- Re: [Asrg] DNSSEC is NOT secure end to end Christian Huitema
- Re: [Asrg] DNS-based Email Sender Authentication … Douglas Otis
- Re: [Asrg] DNS-based Email Sender Authentication … Amir Herzberg
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Paul Wouters
- Re: [Asrg] DNSSEC is NOT secure end to end Richard Barnes
- Re: [Asrg] DNSSEC is NOT secure end to end (more … Richard Barnes
- Re: [Asrg] DNSSEC is NOT secure end to end David Wilson
- Re: [Asrg] DNSSEC is NOT secure end to end (more … Thierry Moreau
- Re: [Asrg] DNSSEC is NOT secure end to end (more … Thierry Moreau
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end (more … Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end (more … Mark Andrews
- Re: [Asrg] DNSSEC is NOT secure end to end (more … Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Christian Huitema
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Doug Otis
- Re: [Asrg] DNSSEC is NOT secure end to end Paul Wouters
- Re: [Asrg] DNSSEC is NOT secure end to end Doug Otis
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end David Wilson
- Re: [Asrg] DNSSEC is NOT secure end to end David Wilson
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- [Asrg] RISC is end to end (was Re: DNSSEC is NOT … Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end David Wilson
- Re: [Asrg] DNSSEC is NOT secure end to end David Wilson
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end Masataka Ohta
- Re: [Asrg] DNSSEC is NOT secure end to end der Mouse
- Re: [Asrg] DNS over SCTP Alessandro Vesely