Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA

Joe Abley <jabley@hopcount.ca> Fri, 06 September 2013 14:43 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6F3611E8196 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 07:43:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.199
X-Spam-Level:
X-Spam-Status: No, score=-102.199 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, J_CHICKENPOX_21=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qjGGa8HmKid7 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 07:43:52 -0700 (PDT)
Received: from mail-qc0-x229.google.com (mail-qc0-x229.google.com [IPv6:2607:f8b0:400d:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 0B5B211E8128 for <ietf@ietf.org>; Fri, 6 Sep 2013 07:43:51 -0700 (PDT)
Received: by mail-qc0-f169.google.com with SMTP id k8so1524078qcq.28 for <ietf@ietf.org>; Fri, 06 Sep 2013 07:43:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=P9Zk/0fQ7XJjKcTvqpeOv9MRrwy9xP8ydHdz5sNANHc=; b=nEi0DM+3AVtQcYg/Ebaz7P7ch8ABjaqO1pu3sQhyHQSHvHhdOfLgVgiFumT4tvxToQ dE98MrKMR8oCjyzDg6bZ9oIwZj3f9DzXuKRE283zOfdZN9tGw3noT24PfLuH1brokCP6 +YvUh45LJlDYQRFQL+YJ/VbZ2MeJClqlUiTwA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=P9Zk/0fQ7XJjKcTvqpeOv9MRrwy9xP8ydHdz5sNANHc=; b=iqaaa9agjU8d5u9mgjV5e/bJUXpQDDSQ1r+kknIH0ab5AWpEZS5MXjbG92Kzvl4Tq6 Mir+E+gBCEXsnxxK2XVO2AQ92NizG+eKJD3RH5f1m5fcARu7qdVuuJdRqbMnkib4wHeF xErIIYe5bs37Aj9yyX4NH6HG9VmyWSoyrYva3oX+k6I0gTjlXhDBIPcyvrPNZDJK8sYx 2lZGY7JRuQY8NIjXQuKsKb8a5vgzSpkiULTz2muBcE5XIRgGv4k5rmu/0r9oNtxwpgRX X2LL0j1BY/xV3kwHXnrDixSu8lFXUjNA/3gObFJmMvx7ReRFEl1w0QHceI3u8IM58RDF bO3A==
X-Gm-Message-State: ALoCoQm2q6n1VhMRtspKImKXbGZ5XJZbJWT2g6M1sikTwtTNqKtFBTZLvaVVzq1yPP6MUDvxIvbx
X-Received: by 10.224.35.196 with SMTP id q4mr1535380qad.106.1378478624794; Fri, 06 Sep 2013 07:43:44 -0700 (PDT)
Received: from [199.212.90.59] ([135.23.68.78]) by mx.google.com with ESMTPSA id m5sm5240320qaa.13.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 06 Sep 2013 07:43:44 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <20130906141612.GC1249@thunk.org>
Date: Fri, 06 Sep 2013 10:43:42 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <6F39C53D-D758-47F8-A6C5-968C6254150C@hopcount.ca>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <CAMm+LwjdN478yyU=J7=GTpQxqtdgP8wtdEtna50X+WtA-bV3hg@mail.gmail.com> <52294BDC.4060707@gmail.com> <20130906033254.GH62204@mx1.yitter.info> <CAMm+Lwg9kJymBWaEXwZfQ=P5Uo-UmYoNvvzewnXjUu+mhg+QTQ@mail.gmail.com> <006001ceaad6$61f39640$4001a8c0@gateway.2wire.net> <5229D6B0.1040709@qti.qualcomm.com> <20130906141612.GC1249@thunk.org>
To: Theodore Ts'o <tytso@mit.edu>
X-Mailer: Apple Mail (2.1508)
Cc: Pete Resnick <presnick@qti.qualcomm.com>, IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 14:43:53 -0000

On 2013-09-06, at 10:16, Theodore Ts'o <tytso@mit.edu> wrote:

> On Fri, Sep 06, 2013 at 06:20:48AM -0700, Pete Resnick wrote:
>> 
>> In email,
>> we insist that you authenticate the recipient's certificate before
>> we allow you to install it and to start encrypting, and prefer to
>> send things in the clear until that is done. That's silly and is
>> based on the assumption that encryption isn't worth doing *until* we
>> know it's going to be done completely safely.
> 
> Speaking of which, Jim Gettys was trying to tell me yesterday that
> BIND refuses to do DNSSEC lookups until the endpoint client has
> generated a certificate.

All modern DNSSEC-capable resolvers (regardless of whether validation has been turned on) will set DO=1 in the EDNS0 header and will retrieve signatures in responses if they are available. BIND9 is not a counter-example. Regardless, an end host downstream of a resolver that behaves differently (but that is capable of and desires to perform its own validation) can detect an inability to receive signatures, and can act accordingly.

There is no client certificate component of DNSSEC. The trust anchor for the system is published as part of root zone processes at IANA, and a variety of mechanisms are available to infer trust in a retrieved trust anchor. (These could use more work, but they exist.)

There is a (somewhat poorly-characterised and insufficiently-measured) interaction with a variety of middleware in firewalls, captive hotel hotspot, etc that will prevent an end host from being able to validate responses from the DNS, but in those cases the inability to validate is known by the end host; you still have the option of closing your laptop and reattaching it to the network somewhere else.

>  Which is bad, since out-of-box, a home
> router doesn't have much in the way of entropy at that point, so you
> shouldn't be trying to generate certificates at the time of the first
> boot-up, but rather to delay until you've had enough of a chance to
> gather some entropy.

In DNSSEC, signatures are generated before publication of zone data, and are verified by validators. You don't need a high-quality entropy source to validate a signature. There is no DNSSEC requirement for entropy in a home router or an end host.

>  (Or put in a real hardware RNG, but a
> race-to-the-bottom in terms of BOM costs makes that not realistic.)  I
> told him that sounds insane, since you shouldn't need a
> certificate/private key in order to do digital signature verification.

I think you were on the right track, there.

> Can someone please tell me that BIND isn't being this stupid?

This thread has mainly been about privacy and confidentiality. There is nothing in DNSSEC that offers either of those, directly (although it's an enabler through approaches like DANE to provide a framework for secure distribution of certificates). If every zone was signed and if every response was validated, it would still be possible to tap queries and tell who was asking for what name, and what response was returned.


Joe