Re: [DNSOP] DNSSEC as a Best Current Practice
Brian Dickson <brian.peter.dickson@gmail.com> Tue, 22 March 2022 21:12 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B80F73A059F for <dnsop@ietfa.amsl.com>; Tue, 22 Mar 2022 14:12:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k94M_lzSLjSI for <dnsop@ietfa.amsl.com>; Tue, 22 Mar 2022 14:12:13 -0700 (PDT)
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D112B3A0123 for <dnsop@ietf.org>; Tue, 22 Mar 2022 14:12:12 -0700 (PDT)
Received: by mail-ed1-x530.google.com with SMTP id z92so22289589ede.13 for <dnsop@ietf.org>; Tue, 22 Mar 2022 14:12:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gkNG8moCnRsNKxE/TRGJUYVcBboPtz/iklKyyyEaWzI=; b=MHKFDfVRlclzfW+CMgJZ+gcUu0nUIwyNO46e7xOXuqQAbJ6ruz5Xi13Ono7pCxpyzQ 5vmFeQQFGb5tESy9i799eyl1uSyCbhghGrjd7vucHZHnl3ST9kWlvZQ3nGrjKUx3RuRB OtxXNwW0qfJaAUwPW4wffZIepepR3mUNMz0sOgTGJH8H8NYJuZBwjxoj0ySpxGQIDOSm Tbg2d3zM/VruHWfMK0dCUSZ3P40Fu8Kxze06RO7hh4pe2DtdAC/pvc304k5WgpEe8AKZ jNjH3UVT/6/pdmBAbN32sZTSLYY4V2+Jbn9F4H68Cg25nV4tpneMwjcs92lf7yJyopWM pFJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gkNG8moCnRsNKxE/TRGJUYVcBboPtz/iklKyyyEaWzI=; b=s4ZgVMnO6TRFQUzLhn2a2vOoMrt3TEszf5H6yL0qOMiy05octYO7USCmzzSJbMnliX IY+QjtMvEBcwk6bStqcFN7MA18ySTjlqcNfaGUon7S8Xtw6y7Z9B/JCxdTjWz+jqTvHN tNy1jU8ebEMnkh9K9t04WHp8pyPLXkqcU4i022bR+DsZ8iClim4/SBEoWADc+cDI1ldc u45DM3aEJmYXG1PqCevA+baRsYvilEbcsB+x2XyTRpZpf7D7mgrLalGa1ZcvzqT6Mync c83LNZmETo6B9Mzq+fnnX8RUbV1vFOptkkMfuzoWI33CK6g+Bi2jig1/U9F00/G3SErx YiPw==
X-Gm-Message-State: AOAM531Np7NFAcsoc57HyaKsIwLhCb0sahd7pQHmEUvsyXjcWv9p0PE9 XNHjxG1KEa3n+SauCrQ2c1QPLUiQs/AncGpY4/w=
X-Google-Smtp-Source: ABdhPJzcmDa+tTHoZZ3FZxhpyQXzD2ANWkIEs8yvOHWeys/53vTiE7ep08J3P9HdDUcM0Uc8UzQhwdIS8nnEfaMXQtM=
X-Received: by 2002:aa7:cb4e:0:b0:419:21d2:80a with SMTP id w14-20020aa7cb4e000000b0041921d2080amr19539688edt.404.1647983530771; Tue, 22 Mar 2022 14:12:10 -0700 (PDT)
MIME-Version: 1.0
References: <163bfd78-c21d-084c-9f6d-9d29b80bcbd1@necom830.hpcl.titech.ac.jp> <7B3A5D3D-2E84-45A7-BE5F-3BAC3650E95C@hopcount.ca> <e722a37a-1476-d90b-b4df-e9d4604bea59@necom830.hpcl.titech.ac.jp> <e8566381-d8e8-b99f-67c3-2e89dc9cb85@nohats.ca> <affe488c-d2c4-05a0-69b4-12c2aa97dbfa@necom830.hpcl.titech.ac.jp>
In-Reply-To: <affe488c-d2c4-05a0-69b4-12c2aa97dbfa@necom830.hpcl.titech.ac.jp>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Tue, 22 Mar 2022 14:11:58 -0700
Message-ID: <CAH1iCip7buO_WAteXn24jDics=MOGHFMcRxvbO1O9Z-HyErdAA@mail.gmail.com>
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f29cd905dad510dc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/uFrLPJ_hqDQwMOzPBLBGHIzWju4>
Subject: Re: [DNSOP] DNSSEC as a Best Current Practice
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 21:12:18 -0000
On Tue, Mar 22, 2022 at 7:12 AM Masataka Ohta < mohta@necom830.hpcl.titech.ac.jp> wrote: > Paul Wouters wrote: > > >> Wrong. DNSSEC as PKI is not cryptographically secure subject to > >> MitM attacks on CA chains, which is not more difficult than > >> MitM attacks on ISP chains. > > > > I think at this point we have reached a point where your repeated > > claims lack any merit > > So, you ignore diginotar to have demonstrated that PKI to > blindly trust untrustworthy TTPs is cryptographically > insecure. > This is where your error is introduced. DNSSEC does not involve blind trust. Previous statements by you (Ohta-san) in this thread, and observations or counter-points: If a resolver correctly knows an IP address of a nameserver of a > parent zone and the resolver and the nameserver can communicate > with long enough ID, the resolver can correctly know an IP > address of a nameserver of a child zone, which is secure enough > data origin security. > The difference between this model (client to server transport security using IDs) and DNSSEC, is that DNSSEC is resistant to any MITM attacks, so long as the resolver's root trust anchor is the same as the one published by ICANN/IANA and used to sign the root zone. It is correct that the single element is a necessary component of the trust model for DNSSEC. It is not a dependency within DNSSEC that the endpoint's connectivity must be transport-secured or impervious to hijack. DNSSEC does not care where the data lives or how it is retrieved. It protects the data cryptographically. The point is that DNSSEC, or PKI in general, is not cryptographically > secure merely blindly trusting untrustworthy intermediate systems, > which means it is against the end to end principle, improperly > called TTPs (Trusted Third Parties). I think this is where your argument fails. The trust in DNSSEC is not blind. The validation which is done by a resolver can be confirmed by an end-host, along the entire chain (tree) from root to leaf. In order to achieve complete compromise, the adversary (e.g. state) would need to compromise every software stack on every host and every resolver, and block access to every external place that could provide contradictory results. Given that the root trust anchor is public, and published on the IANA's web site with all the appropriate protections, this means anyone can publish the same information on their own web site, e.g. protected by TLS. The only way this would not be available to someone under the control of that adversary, would be the compromise of every CA's cert, or publishing competing certs for every TLS cert in existence, or to prevent any access to external sites entirely. The notion that a state exercising that level of control would also permit the long-enough ID communication to enable your alternative to function, does not seem credible. This devolves down to two possibilities: your method is not viable if the efforts needed to block use of the Root Trust Anchor are undertaken; or if the efforts needed to block the Root Trust Anchor are not undertaken (in their entirety), attempts to replace the Root Trust Anchor are detectable, which also means the real Root Trust Anchor can be obtained and validated, and once the latter is done, DNSSEC continues to be cryptographically secure. The actual real root trust anchor is not feasible to compromise, nor are the signing mechanisms involved for signing the root zone. A secured root zone and root trust anchor makes it impossible to compromise any zone protected by its parent, with the root zone anchoring those protections. DNSSEC is not blind trust. The ability to compromise via spoofing requires compromise of a parent. The root zone cannot feasibly be compromised. Therefore DNSSEC is secure. I concur with the rest of the folks on this thread, this subject thread is effectively concluded. This message is mostly for your (Ohta-san's) benefit to understand why DNSSEC is not in the same category as WebPKI in terms of the trust model and trust mechanisms. There is an analogy in infinities: The rational numbers and real numbers are both infinite, but the infinity of the real numbers is "uncountable", a larger infinity than the infinity of the rational numbers, which are "countable". Brian
- [DNSOP] Is DNSSEC a Best Current Practice? Paul Hoffman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Wouters
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Stephen Farrell
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Bill Woodcock
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Colm MacCárthaigh
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Livingood, Jason
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Yasuhiro Orange Morishita / 森下泰宏
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Vixie
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Mukund Sivaraman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Masataka Ohta
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Viktor Dukhovni
- [DNSOP] DNSSEC as a Best Current Practice Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice David Conrad
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Joe Abley
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Vixie
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jerry Lundström
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice james
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Tim Wicinski
- Re: [DNSOP] DNSSEC as a Best Current Practice Mukund Sivaraman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta