Re: [TLS] [pkix] Cert Enumeration and Key Assurance With DNSSEC
Martin Rex <mrex@sap.com> Tue, 05 October 2010 19:46 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 91A923A6E62; Tue, 5 Oct 2010 12:46:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.866
X-Spam-Level:
X-Spam-Status: No, score=-9.866 tagged_above=-999 required=5 tests=[AWL=0.383, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2xDHy26W5LDr; Tue, 5 Oct 2010 12:46:01 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 698EC3A6DF6; Tue, 5 Oct 2010 12:46:00 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id o95JkuHP024701 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 5 Oct 2010 21:46:57 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201010051946.o95JkteM009316@fs4113.wdf.sap.corp>
To: hallam@gmail.com
Date: Tue, 05 Oct 2010 21:46:55 +0200
In-Reply-To: <AANLkTinMSh7VdfSw1CwhAvBJXv9YW3KYfhtv2QU6LKcp@mail.gmail.com> from "Phillip Hallam-Baker" at Oct 5, 10 12:56:49 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Cc: pkix@ietf.org, DPKemp@missi.ncsc.mil, dnsop@ietf.org, tls@ietf.org, saag@ietf.org
Subject: Re: [TLS] [pkix] Cert Enumeration and Key Assurance With DNSSEC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Oct 2010 19:46:04 -0000
Phillip Hallam-Baker wrote: > > David P. Kemp wrote: > > > > For the DNS/PKI case, if A is an IP address for a dnsname and B is a > > public key for a dnsname, then it is necessary to attack the sources of > > A and B in order to successfully spoof a named server. If A and B come > > from the same system (e.g., DNS) it is necessary to attack only that > > system. If they come from different systems (DNS and PKI) then it is > > necessary to attack both. Attacking only one may cause an availability > > failure, but not an integrity failure. > > When I originally looked at this scheme I thought that it was intended to > reduce the attack surface in the manner you describe. > > Clearly if you have two controls, A and B and BOTH must be compromised, the > system is less likely to be compromised than either A or B. The DNS admin that controls A can always get a perfectly valid certificate B issued and successfully impersonate all services offered on servers in his DNS domain. Because of this characteristic of the TLS PKI, it doesn't matter how much scrutiny the CAs apply, if you can not trust the DNS admin, you loose. Requiring the involvement of a pre-trusted commercial CA makes it less attractive to DNS admins to abuse their position and harder for attackers that manage to modify DNS records of DNSSEC signed zones to impersonate servers in that DNS zone. Obtaining CA-signed server certs may require "official procurement", so the issuance of the server certs goes on record at the issuing CA and the domain owners procurement. This could serve as a deterrent for outsourced DNS services or unhappy DNS admins. > > But the design approach taken in the Hoffman et. al. proposal is that > publication of a DNSSEC assurance for a cert disables verification on the > PKIX chain unless the 'preferences' flag is set. This flag will be buried in > a base64 encoded sub-field encoding. What is the alternative? I'm constantly hearing some folks that want to obtain DNSname-constrained organizational CA-certs signed under one of the pre-configured trust anchors so that their (DNS) admin can issue server certs without involvement of commercial CAs. Such CA-certs will probably sell at a significant premium. Should the IETF really define TLS technology in a fashion where everyone will have to buy out of slavery from a commercial CA oligopoly at a significant premium for every DNS domain one operates? It is a "trade-off", to hold the whole world hostage to the CA oligopoly in order to keep the initial investment (the "Coasean floor"[*]) high for only one specific impersonation attack, but I'm not convinced that this particular approach is the the best solution or the only solution and that the benefit is worth the cost. I could imagine that it appeals to top-level management, because they do not like to worry about outsourcing stuff (like DNS administration) or worry about making employees (like DNS admins) unhappy. -Martin [*] There was an article about "Coasean floor" in Bruce Schneiers Dec-2008 Cryptogram http://www.schneier.com/crypto-gram-0812.html#7
- [TLS] Cert Enumeration and Key Assurance With DNS… Phillip Hallam-Baker
- Re: [TLS] Cert Enumeration and Key Assurance With… Ben Laurie
- Re: [TLS] Cert Enumeration and Key Assurance With… Phillip Hallam-Baker
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Matt McCutchen
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Phillip Hallam-Baker
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Ben Laurie
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Marsh Ray
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Phillip Hallam-Baker
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Peter Gutmann
- Re: [TLS] [DNSOP] [pkix] Cert Enumeration and Key… Phillip Hallam-Baker
- Re: [TLS] [DNSOP] [pkix] Cert Enumeration and Key… Tony Finch
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Michael StJohns
- Re: [TLS] [DNSOP] [pkix] Cert Enumeration and Key… Tony Finch
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Martin Rex
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Marsh Ray
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Ralph Holz
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Stephen Farrell
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Geoffrey Keating
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Martin Rex
- Re: [TLS] Cert Enumeration and Key Assurance With… Ondřej Surý
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Jeffrey A. Williams
- Re: [TLS] Cert Enumeration and Key Assurance With… Phillip Hallam-Baker
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Martin Rex
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Phillip Hallam-Baker
- Re: [TLS] [DNSOP] [pkix] Cert Enumeration and Key… Jakob Schlyter
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Michael StJohns
- Re: [TLS] [DNSOP] [pkix] Cert Enumeration and Key… Andrew Sullivan
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Jeffrey A. Williams
- [TLS] OtherCerts & pinning (Was: Re: [pkix] Cert … Stephen Farrell
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Martin Rex
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Kemp, David P.
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Ralph Holz
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Ondřej Surý
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Phillip Hallam-Baker
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Jeffrey A. Williams
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Seth David Schoen
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Marsh Ray
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Stephen Kent
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Paul Hoffman
- Re: [TLS] Cert Enumeration and Key Assurance With… Nicolas Williams
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Martin Rex
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Marsh Ray
- Re: [TLS] [saag] [pkix] Cert Enumeration and Key … Peter Gutmann
- Re: [TLS] [saag] [pkix] Cert Enumeration and Key … Yaron Sheffer
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Henry B. Hotz
- Re: [TLS] [saag] [pkix] Cert Enumeration and Key … der Mouse
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Carl Wallace
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Jeffrey A. Williams
- Re: [TLS] [DNSOP] [saag] [pkix] Cert Enumeration … Doug Barton
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Bruno Harbulot
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Phillip Hallam-Baker
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Martin Rex
- Re: [TLS] [pkix] Cert Enumeration and Key Assuran… Jeffrey A. Williams
- Re: [TLS] [DNSOP] [pkix] Cert Enumeration and Key… Paul Wouters