Re: [TLS] [pkix] Cert Enumeration and Key Assurance With DNSSEC

[Phillip Hallam-Baker <hallam@gmail.com>]

The attack surface is the number of paths that are open to an attacker.

In the current model there is only one trust path, the PKIX path.

In the new model, the attacker has a choice of trust paths, the PKIX path
and the DNSSEC path and they can attack either of them.

The problem with the DNSSEC path is that it is vulnerable to attacks against
the information input to the DNS system. The weakest link there is the
safeguards on registration of the DNS names.


I think that whenever a proposal of this type is brought that we should be
told all the considerations and all the events that are motivating the
design.



On Sat, Oct 2, 2010 at 9:49 PM, Marsh Ray <marsh@extendedsubset.com> wrote:

> On 10/02/2010 03:16 PM, Ben Laurie wrote:
>
>> On 1 October 2010 16:15, Phillip Hallam-Baker<hallam@gmail.com>  wrote:
>>
>>>
>>> The problem with that approach is that the attacker now has two
>>> infrastructures that they can attack rather than just one.
>>>
>>
>> If I deploy the DNS solution, stating that DNS is authoritative, then
>> my attack surface now excludes all CAs. How is that an increase in
>> attack surface?
>>
>> Contrast with today's situation, where my attack surface is increased
>> on a regular basis by the introduction of new CAs, without any
>> consultation with me at all.
>>
>
> The thing we have to to keep in mind here is that this "attack surface" is
> largely determined on the client of the equation. In other words, if you
> attempt to set policy through DNS, it only applies to clients who choose to
> respect it. And clients do have that annoying habit of not consulting the
> server admins (or the users for that matter) before changing their trust. We
> can blame Netscape, they intentionally set it up this way (and are no longer
> around to defend themselves).
>
> How much consistency is there in the current crop of PKI rules? What if
> DNSSEC info conflicts with other info?
>
> Vendors of client software sometimes give themselves a root cert in the
> client, or at least have a close relationship with some of their CAs.
> There's a lot of money at stake, how eager will they be to allow sites to
> opt-out of that trust? Some of them also sell TLS MitM interception
> products.
>
> The possibility that the bulk of clients will respect DNSSEC records which
> cut their CAs out of the trust equation any time soon seems a bit remote. We
> might as well be discussing the deprecation of SSLv3. It could happen
> eventually, but probably not in the near term.
>
> In the meantime, we'd end up with the DNS root effectively having the power
> of yet another CA. Except that it's not, because the various arms of ICANN
> and VeriSign/Symantec are probably already trusted many times over.
>
> I've seen it said that during the pre-deployment phase, the designers and
> promoters of DNSSEC denied they were making a replacement PKI. But the
> discussion now is to what extent it is inevitable. Regardless, if this is
> PKI 2.0 getting ready to usurp the throne, we should at least ensure that
> its a legitimately designed trust model this time rather than stumbling into
> whatever serves to enable some set of business agreements.
>
> - Marsh
>



-- 
Website: http://hallambaker.com/