Re: [DNSOP] DNSSEC as a Best Current Practice
Ted Lemon <mellon@fugue.com> Wed, 23 March 2022 08:21 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B149D3A125E for <dnsop@ietfa.amsl.com>; Wed, 23 Mar 2022 01:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6kqvsDMCup7 for <dnsop@ietfa.amsl.com>; Wed, 23 Mar 2022 01:21:03 -0700 (PDT)
Received: from mail-oa1-x34.google.com (mail-oa1-x34.google.com [IPv6:2001:4860:4864:20::34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6A0D3A125D for <dnsop@ietf.org>; Wed, 23 Mar 2022 01:21:03 -0700 (PDT)
Received: by mail-oa1-x34.google.com with SMTP id 586e51a60fabf-de2cb87f6aso928677fac.10 for <dnsop@ietf.org>; Wed, 23 Mar 2022 01:21:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wD3KIS6wgLjudwcz2Frf0L+dFGq1jkXFpI+lrQ2APZE=; b=bP3s+LJybJZfil23oA75YQbrOZyq8ph29f5w14V1wZy0O7QDKpcPj94qE+gwCL9Bga cwNwUSvORNDPvsJXLvOIIlTPmG/HZ3bzyNtoAZw5aABQJ01nh5IMtXvHsPGnVDtLNEiY O0NJSWMUCXm166YDaiDe6PMjyV+kYDyQLAXOYXkEGAY3ZwVqvWAuNI2jS+khDORQox3w 7BERRs2ScIeSeSEkihT1vyr4Pufggtf24akmLj7X6hJ/ODFkf1eyVilc92Dpbkj+5r7i lEbUdnaOH9lCOXYrWWGEQ29lcA51j4rpzsWO9MMvR2nJD+3rum1ckgmBiwZ16tuL+ETy DGZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wD3KIS6wgLjudwcz2Frf0L+dFGq1jkXFpI+lrQ2APZE=; b=QejpV2fpt0RB7iUflCTGIDK6w7T/KzWBYjfjvjabhPUes1ENsXfv64mvTB9uWYPLwF HEwnpEgw1zBagAVgKikv4sICiZuar6monT2D3bSHu3xAt7zKjd8N9/tepwMPqfkUrZyp 8Wph02jr23BfBCFXoWTMeBfauV1lHp90E/U/LhRhgxyC9HKz4fBM1e5MRSju5z7UWqAC z036eq/zSHh6fVCSu/lRtIbG5tlNbBbicIX2GYN6rOaZ3Qn30CkuQkvsuYjLf48Z8WMi 5xo2pBtwz2eqkj0RiV2TluhRliPWiQVk9BY2Igr/I3aYzGbBl2yFTIDc+sxU9V6QGrb+ KMKA==
X-Gm-Message-State: AOAM532XwBD+iIfey3eQ3FliaPR++YkvDfiv0KtO+MUHG+TlF4YpJ1tc kIhuzlXaowgZOYYzU6+lc02ANMr17esByyd9Drn5Lw==
X-Google-Smtp-Source: ABdhPJzxfDpJUqHtmbq3tfX38mt/mjgSqgU7xN6XWweO8iIvwR11twIp/v2CSAI9EVGU26929r/5xoSnWDY6gJOz9zc=
X-Received: by 2002:a05:6870:46a1:b0:dd:a325:6fc7 with SMTP id a33-20020a05687046a100b000dda3256fc7mr3614340oap.12.1648023662077; Wed, 23 Mar 2022 01:21:02 -0700 (PDT)
MIME-Version: 1.0
References: <163bfd78-c21d-084c-9f6d-9d29b80bcbd1@necom830.hpcl.titech.ac.jp> <7B3A5D3D-2E84-45A7-BE5F-3BAC3650E95C@hopcount.ca> <e722a37a-1476-d90b-b4df-e9d4604bea59@necom830.hpcl.titech.ac.jp> <e8566381-d8e8-b99f-67c3-2e89dc9cb85@nohats.ca> <affe488c-d2c4-05a0-69b4-12c2aa97dbfa@necom830.hpcl.titech.ac.jp> <CAH1iCip7buO_WAteXn24jDics=MOGHFMcRxvbO1O9Z-HyErdAA@mail.gmail.com>
In-Reply-To: <CAH1iCip7buO_WAteXn24jDics=MOGHFMcRxvbO1O9Z-HyErdAA@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 23 Mar 2022 09:20:51 +0100
Message-ID: <CAPt1N1kKVwezh+vK7djT1YdYLFHmHSSPRYbxRxmPYMh4ck_LGw@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f5c0ac05dade6841"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/cPUlpYZnk2GOkZtQjE-pYl60sjk>
Subject: Re: [DNSOP] DNSSEC as a Best Current Practice
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 08:21:10 -0000
Brian, what you said about the crypto is right but there are definitely opportunities to compromise trust at the tlds. I don’t think it’s wise to ignore this type of attack. However, in order to make such an attack, you have to do things which can be noticed (e.g. signing a zone delegation with a forged key). So the threat model for a viable DNSSEC attack is quite a bit different than for a recursive resolver attack, and is not something that could be easily effected by a small entity. Or to put it differently, the cost of a successful attack on DNSSEC would be orders of magnitude higher than for an attack on a resolver. And unlike a resolver attack, it is possible to detect a DNSSEC attack by comparing known keys to detect a compromise. With a resolver attack, you have no way to know that you’ve been spoofed. On Tue, Mar 22, 2022 at 22:12 Brian Dickson <brian.peter.dickson@gmail.com> wrote: > > > On Tue, Mar 22, 2022 at 7:12 AM Masataka Ohta < > mohta@necom830.hpcl.titech.ac.jp> wrote: > >> Paul Wouters wrote: >> >> >> Wrong. DNSSEC as PKI is not cryptographically secure subject to >> >> MitM attacks on CA chains, which is not more difficult than >> >> MitM attacks on ISP chains. >> > >> > I think at this point we have reached a point where your repeated >> > claims lack any merit >> >> So, you ignore diginotar to have demonstrated that PKI to >> blindly trust untrustworthy TTPs is cryptographically >> insecure. >> > > This is where your error is introduced. DNSSEC does not involve blind > trust. > > Previous statements by you (Ohta-san) in this thread, and observations or > counter-points: > > If a resolver correctly knows an IP address of a nameserver of a >> parent zone and the resolver and the nameserver can communicate >> with long enough ID, the resolver can correctly know an IP >> address of a nameserver of a child zone, which is secure enough >> data origin security. >> > > The difference between this model (client to server transport security > using IDs) and DNSSEC, is that DNSSEC is resistant to any MITM attacks, so > long as the resolver's root trust anchor is the same as the one published > by ICANN/IANA and used to sign the root zone. > > It is correct that the single element is a necessary component of the > trust model for DNSSEC. It is not a dependency within DNSSEC that the > endpoint's connectivity must be transport-secured or impervious to hijack. > DNSSEC does not care where the data lives or how it is retrieved. It > protects the data cryptographically. > > The point is that DNSSEC, or PKI in general, is not cryptographically >> secure merely blindly trusting untrustworthy intermediate systems, >> which means it is against the end to end principle, improperly >> called TTPs (Trusted Third Parties). > > > I think this is where your argument fails. The trust in DNSSEC is not > blind. The validation which is done by a resolver can be confirmed by an > end-host, along the entire chain (tree) from root to leaf. > > In order to achieve complete compromise, the adversary (e.g. state) would > need to compromise every software stack on every host and every resolver, > and block access to every external place that could provide contradictory > results. > > Given that the root trust anchor is public, and published on the IANA's > web site with all the appropriate protections, this means anyone can > publish the same information on their own web site, e.g. protected by TLS. > > The only way this would not be available to someone under the control of > that adversary, would be the compromise of every CA's cert, or publishing > competing certs for every TLS cert in existence, or to prevent any access > to external sites entirely. > > The notion that a state exercising that level of control would also permit > the long-enough ID communication to enable your alternative to function, > does not seem credible. > > This devolves down to two possibilities: your method is not viable if the > efforts needed to block use of the Root Trust Anchor are undertaken; or if > the efforts needed to block the Root Trust Anchor are not undertaken (in > their entirety), attempts to replace the Root Trust Anchor are detectable, > which also means the real Root Trust Anchor can be obtained and validated, > and once the latter is done, DNSSEC continues to be cryptographically > secure. > > The actual real root trust anchor is not feasible to compromise, nor are > the signing mechanisms involved for signing the root zone. A secured root > zone and root trust anchor makes it impossible to compromise any zone > protected by its parent, with the root zone anchoring those protections. > > DNSSEC is not blind trust. The ability to compromise via spoofing requires > compromise of a parent. The root zone cannot feasibly be compromised. > Therefore DNSSEC is secure. > > I concur with the rest of the folks on this thread, this subject thread > is effectively concluded. > > This message is mostly for your (Ohta-san's) benefit to understand why > DNSSEC is not in the same category as WebPKI in terms of the trust model > and trust mechanisms. > > There is an analogy in infinities: > The rational numbers and real numbers are both infinite, but the infinity > of the real numbers is "uncountable", a larger infinity than the infinity > of the rational numbers, which are "countable". > > Brian > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- [DNSOP] Is DNSSEC a Best Current Practice? Paul Hoffman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Wouters
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Stephen Farrell
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Bill Woodcock
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Colm MacCárthaigh
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Livingood, Jason
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Yasuhiro Orange Morishita / 森下泰宏
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Vixie
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Mukund Sivaraman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Masataka Ohta
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Viktor Dukhovni
- [DNSOP] DNSSEC as a Best Current Practice Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice David Conrad
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Joe Abley
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Vixie
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jerry Lundström
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice james
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Tim Wicinski
- Re: [DNSOP] DNSSEC as a Best Current Practice Mukund Sivaraman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta