Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)

Phillip Hallam-Baker <hallam@gmail.com> Fri, 26 February 2010 21:14 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 65A143A85B5 for <ietf@core3.amsl.com>; Fri, 26 Feb 2010 13:14:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.54
X-Spam-Level:
X-Spam-Status: No, score=-0.54 tagged_above=-999 required=5 tests=[AWL=-1.574, BAYES_00=-2.599, FRT_EXPERIENCE=2.333, J_CHICKENPOX_36=0.6, SARE_BIZOP=0.7]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q6tXkc5D4a0v for <ietf@core3.amsl.com>; Fri, 26 Feb 2010 13:14:01 -0800 (PST)
Received: from mail-iw0-f189.google.com (mail-iw0-f189.google.com [209.85.223.189]) by core3.amsl.com (Postfix) with ESMTP id 43BD43A8572 for <ietf@ietf.org>; Fri, 26 Feb 2010 13:14:01 -0800 (PST)
Received: by iwn27 with SMTP id 27so78343iwn.5 for <ietf@ietf.org>; Fri, 26 Feb 2010 13:16:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=rzyhqQTeWQ4H9bycUK0KjebmRrFH6Jm9s5ELeBnlLtA=; b=WB8KyOT6cDsVsAnW+VhnKdxrAEUmvuOhwPaEJ9k5OTLNqHLO0CzK/zUOWMda/tjYgp Gfs/9KoCeiPV0CfVb3ZRlIhq9O2Q/LLxIOX9/Yh36NF0NnscNBI/KqLtrPOtpJGB9yYf ri2SBFL+TlK5AVdRwFGjGLlhCpnGkC99Vc8DY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=NexXlBXacuuTWvtt9l9F8E13Maq3g1FlwIy2TxCjbwFBqGNEvYunXm5Og0nkZZk4Y/ zFNvQ0EFOhsBKKlTFdwjdohfsligSAuOq+xsDB2+Upr+z51gYycdUHA6LwdIfdnnqZpB Y5LZLU6HdmhNX/vRldv5dMPMDxicf2wXNgukc=
MIME-Version: 1.0
Received: by 10.231.160.149 with SMTP id n21mr778212ibx.93.1267218973715; Fri, 26 Feb 2010 13:16:13 -0800 (PST)
In-Reply-To: <20100225201803.GA4842@isc.upenn.edu>
References: <4B859F15.9080106@acm.org> <201002242347.o1ONlt7L023898@drugs.dv.isc.org> <4B85BF52.7030004@necom830.hpcl.titech.ac.jp> <c331d99a1002241619y47f91f50g4433a7233350dc74@mail.gmail.com> <4B85DBCA.2060407@necom830.hpcl.titech.ac.jp> <4B862D03.7060602@gnutls.org> <4B863571.40604@necom830.hpcl.titech.ac.jp> <a123a5d61002250614h36c51a42xebb54c3cc340829d@mail.gmail.com> <alpine.LFD.1.10.1002251151010.1697@newtla.xelerance.com> <20100225201803.GA4842@isc.upenn.edu>
Date: Fri, 26 Feb 2010 16:16:13 -0500
Message-ID: <a123a5d61002261316r75245cd4p2d85c342ace577d0@mail.gmail.com>
Subject: Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Shumon Huque <shuque@isc.upenn.edu>
Content-Type: text/plain; charset="ISO-8859-1"
X-Mailman-Approved-At: Mon, 01 Mar 2010 07:32:02 -0800
Cc: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, Paul Hoffman <paul.hoffman@vpnc.org>, IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 21:14:06 -0000

Some CAs sacrificed security for profitability. Which was the reason I
started the EV process. If the race to the bottom had continued the
products we sold would have no value at all.

Getting your root into a browser requires you to get a WebTrust audit
against your CPS. The problem is that before EV there were no
requirements for the CPS. So long as your process said 'I do
absolutely nothing at all', you could get your WebTrust audit. Some of
the browser providers impose other requirements, but none addressed
the validation criteria until EV was created.

http://technet.microsoft.com/en-us/library/cc751157.aspx

The only thing that was holding the system together was the fact that
the older browsers could not update their root stores. So new CAs
could only get a start by paying to cross-certify with an existing
root. And all the roots that were inserted pre-Web Trust had been
required to provide a CPS that actually committed them to do something
with at least some meaning. That is why it costs more to get your CA
cross-signed by some roots than others, those that promised least can
command the highest prices.

At this stage there are far fewer older browsers due to natural
attrition and the older roots timing out. And at the end of this year
Microsoft is going to pull the 1024 bit roots from the program. That
is a good thing from the crypto point of view but will eliminate the
last vestiges of control in the DV market unless something is done.


I would like to deploy DNSSEC for the same reasons that you give. The
problem is that at the moment it runs straight into a buzz-saw of
global international politics. That is in the process of being fixed.


On Thu, Feb 25, 2010 at 3:18 PM, Shumon Huque <shuque@isc.upenn.edu> wrote:
> On Thu, Feb 25, 2010 at 11:55:03AM -0500, Paul Wouters wrote:
>> On Thu, 25 Feb 2010, Phillip Hallam-Baker wrote:
>> >If DNSSEC succeeds, the domain validated certificate business will
>> >have to either transform or eventually die. I think that for most CAs,
>> >the business opportunities from SSL+DNSSEC are greater than the
>> >opportunities from the current DV SSL business. DNSSEC cannot deploy
>> >unless the registrars have cryptography expperience, the CAs have that
>> >experience.
>>
>> If you ask security researchers, it has been proven that CA's sacrificed
>> security for profitability. The CA model has failed to work. 2 second
>> validation based on email, md5 based * root certificates signed, etc etc.
>> The last two years saw a significant amount of attacks against CA's, and
>> CA's have seen their profit margin fall to near zero, so even if they
>> wanted to, they cannot increase security (you ask me a confirmation for
>> my cert, I'll go to this other ssl provider that doesn't).
>
> I'll refrain from inserting the obligatory Matt Blaze CA quote
> here :-)
>
>> The time of outsourcing security to CA's is over.
>>
>> Paul
>
> Exactly. What many of us would like to see is the ability for
> enterprises to issue X.509 certificates themselves for their own
> application services. If we're going to have a global PKI,
> the way I think it should work is that CA's higher up in the
> hierarchy should certify CA's below them (enterprises or
> some trusted intermediaries) using 'name constraint's so that
> the subordinate CA's can only issue certificates for subject
> identities in the namespace for which they have authority. And
> ideally the higher level CAs should be multi-lateral non-profits,
> rather than states or for-profit corporations engaged in a
> collective race to the bottom.
>
> The current situation with commercial CAs is beyond horrible. Just
> take a look at how many "root" CAs are embedded in your favorite
> browser, and with virtually no constraints on the name space in
> which they can issue certs. Do you really trust all of them? Any
> of them, whether by malice or by being tricked, can issue a certificate
> for any of your services. Our security is basically as good as the
> the CA with the laxest policies & worst security.
>
> And in terms of functionality, they are woefully inadequate too.
> Most of them can only issue certs for hostnames in subject or
> subject alternative name dnsname fields. What if I want to deploy
> a certificate with other types of extension fields to better
> compartmentalize security or to enable new functionality, eg. URI,
> SRVName, a custom SAN, or application-service specific EKU fields?
> Allowing organizations to issue their own certificates allows them
> to deploy security infrastructure that actually addresses their needs.
>
> Perhaps it's wishful thinking, but I kinda look forward to the
> day that DNSSEC is widely deployed. I look forward to using SSHFP,
> IPSECKEY, and (a better version of) CERT to displace the broken
> Internet PKI ..
>
> --Shumon.
>



-- 
-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/