On Tue, Jun 02, 2009 at 10:38:28PM +0900, Masataka Ohta wrote:
Christian Huitema wrote:
That is, security of DNSSEC involves third parties and is not end
to end.
That is indeed correct. An attacker can build a fake hierarchy of
"secure DNS" assertions and try to get it accepted. The attack can
succeed with the complicity of one of the authorities in the
hierarchy. It is a classic "attack by a trusted party".
Yes, the hierarchy has hops.
For my domain: "necom830.hpcl.titech.ac.jp", hierarechy of zones
have hops of ".", "jp", "ac.jp", "titech.ac.jp" and
"hpcl.titech.ac.jp". The authority hops are IANA, JPNIC, my
university, and my lab. Though you may have direct relationship
with IANA, JPNIC is the third party for both you and me.
If an intermediate authority has
been compromised, it can just as well insert a fake NS record --
that's not harder than a fake record signature.
So, with a compromised hop of an intermediate authority, record
signature on the faked next hop key can be generated.
Then, with a private key corresponding to the faked next hop key,
record signature on the faked second next hop key can be generated.
Then, with a private key corresponding to the faked second next
hop key, record signature on the faked third next hop key can be
generated.
Yes, security of DNSSEC is totally hop by hop.
Masataka Ohta
i think the distinction here might be characterised by
the use of terms:
-channel security
-data integrity
DNSSEC - the signing of the data, provides a means to ensure the
accuracy and integrity of the data, the payload. Given the design
of the DNS, that data can come from an authoritative source or a cache.
there is no expectation that the data will emerge from or through any
given path/source. Once the data is received, it is possible to
determine
if the data is a) intact, and b) untampered with. There is no hop/hop at
the transport level cause DNS really doesn't work that way today.
Channel Security - hop/hop can be done a couple of different ways.
IPsec,
TSIG, SIG(0), DNSCurve et.al. From a resolver point of view, this type
of security is usually done only one hop away, to the prefered cache or
(small) set of authoritative servers. It could be possible, but
unweildy
to do complete channel security. But to what end?
--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf