Re: [Trans] DNSSEC also needs CT

Nico Williams <nico@cryptonector.com> Tue, 13 May 2014 16:11 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 188841A0115 for <trans@ietfa.amsl.com>; Tue, 13 May 2014 09:11:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYEseMpeRRfY for <trans@ietfa.amsl.com>; Tue, 13 May 2014 09:11:26 -0700 (PDT)
Received: from hapkido.dreamhost.com (hapkido.dreamhost.com [66.33.216.122]) by ietfa.amsl.com (Postfix) with ESMTP id 997161A0117 for <trans@ietf.org>; Tue, 13 May 2014 09:10:37 -0700 (PDT)
Received: from homiemail-a32.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by hapkido.dreamhost.com (Postfix) with ESMTP id C39CA9280A for <trans@ietf.org>; Tue, 13 May 2014 08:59:55 -0700 (PDT)
Received: from homiemail-a32.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a32.g.dreamhost.com (Postfix) with ESMTP id 8B3B0584064 for <trans@ietf.org>; Tue, 13 May 2014 08:54:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=VMaLJpv/9ahMw1ok3bT1 at+yGL4=; b=RCZQBDr0AJt3tP259ykPysj1ZlMl3YNUwRd16bwsAPd0JLZpb8By TyoGSxkrHVtrN/NhrZE5LY6RF+UlsUirKYSl5lZ6EnarPVnuYH/i6ugj74e7REkr 8s4niWHlR9mQGb3x4+kYdCajHCXUdMqJrLLxo5QSYK6n4+7hHz3WTnw=
Received: from mail-we0-f169.google.com (mail-we0-f169.google.com [74.125.82.169]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a32.g.dreamhost.com (Postfix) with ESMTPSA id 29AEA584065 for <trans@ietf.org>; Tue, 13 May 2014 08:54:33 -0700 (PDT)
Received: by mail-we0-f169.google.com with SMTP id u56so599975wes.14 for <trans@ietf.org>; Tue, 13 May 2014 08:54:32 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.194.59.231 with SMTP id c7mr213796wjr.95.1399996472669; Tue, 13 May 2014 08:54:32 -0700 (PDT)
Received: by 10.216.29.200 with HTTP; Tue, 13 May 2014 08:54:32 -0700 (PDT)
In-Reply-To: <alpine.LFD.2.10.1405131128150.25023@bofh.nohats.ca>
References: <CAK3OfOjiL2DTJPH3CaAjg8YGrrwN56SgQ+DnqPXx4MLbgXQN+A@mail.gmail.com> <alpine.LFD.2.10.1405101722240.897@bofh.nohats.ca> <CABrd9ST7K-7RGwGD2G+kDcVSceC2ZJ-5Tz2tdp5NWa3cqBK+-w@mail.gmail.com> <CAOe4Ui=nqmCfjBYNE2CJtEs1jnbavpY4Dv-T3FRDdAwAA2dScg@mail.gmail.com> <CAK3OfOiYMJkXVR+QsCzEV0ir6u53coJz0b-JdGGD5bTTz5YcMg@mail.gmail.com> <CAOe4Ui=u0fkm9_nuXx_6gpH6jHM5pBvzjzru9O8y3bpLkA0qmw@mail.gmail.com> <CAK3OfOi6y=QAMXe_2axiavxwR5nS2Uv8SM4JxQHsvEKbUyNGCA@mail.gmail.com> <CAOe4Uimvc6e6u=fJjM1-iaOTepA33Sx5CBjMV9dB8sSLqtZoWA@mail.gmail.com> <CAK3OfOhdhWdGvvhuaGyE_p5kLy0ZX-V5sAXfoLGP_8d8vPJDgg@mail.gmail.com> <CAOe4Uik+fjM4wTVBiFxphVZAwVYBPgd1a9xUyUBMSFy30SWNLg@mail.gmail.com> <CAK3OfOiC+5+s2UtSEP788W23tHq6VQSQfMsUboUp16L-27zsvQ@mail.gmail.com> <CABrd9STYxmK6gg7a5wDtejdc_Y0aD9hwQkHpFu3HbxVbMZDQHQ@mail.gmail.com> <alpine.LFD.2.10.1405130948160.25023@bofh.nohats.ca> <CABrd9SSiHfyvPxgYrDZ_idE+UGcUXVFx3BGcc2qp+t+nmuJwLw@mail.gmail.com> <alpine.LFD.2.10.1405131128150.25023@bofh.nohats.ca>
Date: Tue, 13 May 2014 10:54:32 -0500
Message-ID: <CAK3OfOivqH=HdaNPA5+c7qGvHJ0kS9S_-HNd6pM1TeeFnyJ3sw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Paul Wouters <paul@nohats.ca>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/mvta1iPdIF0f6WJlVvUjRBOikmA
Cc: "trans@ietf.org" <trans@ietf.org>, Ben Laurie <benl@google.com>
Subject: Re: [Trans] DNSSEC also needs CT
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 16:11:35 -0000

On Tue, May 13, 2014 at 10:33 AM, Paul Wouters <paul@nohats.ca> wrote:
> On Tue, 13 May 2014, Ben Laurie wrote:
>> OK, good point: zone cuts need to also be verified.
>>
>>> The other case is injection of a custom DS RRset. How would we tell the
>>> difference between the legitimate zone owner adding a DS record or an
>>> attacker/parent zone owner adding one?
>>
>> The legitimate owner can tell - that's the point, right?
>
> How does that help protect a non-owner user of someone's site being
> attacked with a targetted attack? If I don't run victim.com, and I am

They check that what they see appears in the issuers' logs and rely on
domain owners to monitor their issuers.  If at all possible TLS (and
other) clients will tell their peers what STHs the saw, and the
servers can check that those appear in the log).  If enough domain
owners do this then targeted MITM attacks get harder to pull off
without being detected.

This is the herd immunity theory: eventually the risk of detection is
so high for would-be MITMers that they won't risk it at all (except,
of course, for cases like open war, where detection is a non-issue).

This seems especially likely to be the case for DNSSEC because of caching.

> just a visitor of victim.com, but only I am given rogue DNSSEC records,
> how can I tell something is wrong? I would go to the public log and see
> the DS I received is not in there?

Yes.  Or that it is.  If it is and your peers monitor the logs then
you can at least rest easy that the likelihood of MITM issuer
detection is very high.

Nico
--