pem-dev

Re: [resend] Use of DNS to distribute keys

1993-09-16 07:43:00
Until now, the following message thread has not been copied to pem-dev. It should be, I think, because it calls into question the need for certificates to distribute public keys in the Internet.  In the following message from Masataka Ohta, there is included a quote from, I believe, Ran Atkinson:

      > > Key certificates are
      > > generally too big and clunky to be in DNS but public keys would work
      > > fine.  There is no reason for the keys stored in DNS to be embedded in
      > > a certificate because you can use secure communication with the DNS
      > > server based on the key from the next highest level in the DNS
      > > hierarchy.  ...  Caching keys is kind of like caching IP address info.

Unless I entirely misunderstand this thread, he is saying that the DNS can be trusted to maintain the binding between my host's public key and my host's name--WITHOUT using a signed certificate.  Before I die choking on my morning coffee, I would like to know something:  What assurance features and mechanisms does Ran propose to use to make us trust all the servers in the worldwide DNS system that much?
------------------------------------------------------------------------------------------
 

From: Masataka Ohta <mohta(_at_)necom830(_dot_)cc(_dot_)titech(_dot_)ac(_dot_)jp>
Return-Path: <mohta(_at_)necom830(_dot_)cc(_dot_)titech(_dot_)ac(_dot_)jp>
Subject: Re: [resend] Use of DNS to distribute keys
To: dee(_at_)skidrow(_dot_)lkg(_dot_)dec(_dot_)com (Beast)
Date: Thu, 16 Sep 93 22:14:39 JST
Cc: atkinson(_at_)itd(_dot_)nrl(_dot_)navy(_dot_)mil, 
ipsec(_at_)ans(_dot_)net, namedroppers(_at_)nic(_dot_)ddn(_dot_)mil
In-Reply-To: <9309141946(_dot_)AA11187(_at_)skidrow(_dot_)lkg(_dot_)dec(_dot_)com>; from "Beast" at Sep 14, 93 3:46 pm
X-Mailer: ELM [version 2.3 PL11]
X-Mdf: Mail for shirey sent to  shirey(_at_)smiley(_dot_)mitre(_dot_)org

From:  atkinson(_at_)itd(_dot_)nrl(_dot_)navy(_dot_)mil (Ran Atkinson)
To:  ipsec(_at_)ans(_dot_)net, namedroppers(_at_)nic(_dot_)ddn(_dot_)mil
    For several years now I've been thinking that the DNS is
probably a really good way to distribute keys (or key certificates).
For example, if each host had a public key accessible via the DNS, one
could more easily setup a secure session key between oneself and the
remote host that one wished to communicate with.  Also, one might be
able to encrypt UDP packets using asymmetric encryption for the odd
case where one only wanted to send one or two packets and thereby
avoid the overhead of setting up a session key for extremely brief
sessions.

This is a great idea I have also had myself.  Key certificates are
generally too big and clunky to be in DNS but public keys would work
fine.  There is no reason for the keys stored in DNS to be embedded in
a certificate because you can use secure communication with the DNS
server based on the key from the next highest level in the DNS
hierarchy. Caching these keys is kind of like caching IP address
info.

This, obviously, is the way to go. So I was surprised to have received
private mails saying that we don't need secure DNS because we have a key
certificate mechanism.

Some people do not understand that the key certificate mechanism does not
scale unless a tree of servers is formed.

All you need to complete the picture is to magically know (or get
via an e-mailed certificate or something) the public keys of the root
DNS servers.

And, as we need public keys to construct the DNS tree, we don't need
any key certificates of servers.

A 1024-bit RSA key, which most people consider secure, is only 128
bytes.  An appropriate RSA digital signature is going to be about the
same size.  I guess I should do the detailed arithmetic but it seems
to me like a public-key-containing DNS response should fit into the
DNS 512-byte UDP limit.

I have found an exception. A reply packet for an NS query will contain, as
glue information, addresses AND public keys of multiple name servers.
Thus the 512-byte limit does matter if there are three name servers with
glue information (quite common).

It should be noted that the NS reply for the root name servers has
once exceeded the UDP limit even without any public keys.

So, we must either extend the UDP size limit or use TCP.

                                                Masataka Ohta
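The "detailed arithmetic" Ran defers and the NS-glue exception Ohta raises can be checked against the DNS wire format. The following is an added example, not code from anyone in this thread; it assumes a constructed key record whose RDATA is a raw 128-byte RSA modulus, a constructed signature record whose RDATA is a 128-byte RSA signature, and no name compression (so the sizes are upper bounds).

```python
# Added example (not part of the thread): estimate the wire size of DNS
# responses carrying 1024-bit RSA keys against the 512-byte UDP limit.
# Assumptions (constructed): key RDATA = 128-byte modulus, signature
# RDATA = 128-byte RSA signature, uncompressed names throughout.

HEADER = 12      # DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
RR_FIXED = 10    # per RR after the owner name: TYPE(2) CLASS(2) TTL(4) RDLENGTH(2)
UDP_LIMIT = 512  # classic DNS-over-UDP message limit discussed in the thread

def wire_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS labels ending in the root label."""
    if name in (".", ""):
        return b"\x00"
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("DNS labels must be 1..63 octets")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def rr_size(owner: str, rdata_len: int) -> int:
    """Size of one resource record: owner name + fixed fields + RDATA."""
    return len(wire_name(owner)) + RR_FIXED + rdata_len

def question_size(qname: str) -> int:
    return len(wire_name(qname)) + 4          # QNAME + QTYPE + QCLASS

def key_response_size(host: str, key_bytes: int = 128, sig_bytes: int = 128) -> int:
    """Ran's case: a reply holding one host's key and the signature over it."""
    return HEADER + question_size(host) + rr_size(host, key_bytes) + rr_size(host, sig_bytes)

def ns_response_size(zone, servers, key_bytes=128, sig_bytes=128) -> int:
    """Ohta's exception: NS reply whose glue carries each server's address
    and key (plus, when sig_bytes > 0, a signature over each key)."""
    size = HEADER + question_size(zone)
    for s in servers:
        size += rr_size(zone, len(wire_name(s)))   # NS RR, RDATA = server name
        size += rr_size(s, 4)                      # A glue, 4-byte IPv4 address
        size += rr_size(s, key_bytes)              # key glue
        if sig_bytes:
            size += rr_size(s, sig_bytes)          # signature over the key
    return size

def fits_udp(size: int) -> bool:
    return size <= UDP_LIMIT

if __name__ == "__main__":
    one = key_response_size("host.example.com.")
    glue = ns_response_size("example.com.", ["ns1.example.com.", "ns2.example.com.", "ns3.example.com."])
    print(f"single-host key reply: {one} bytes, fits UDP: {fits_udp(one)}")
    print(f"NS reply, 3 servers with key glue: {glue} bytes, fits UDP: {fits_udp(glue)}")
```

With constructed names the single-host reply comes to 346 bytes, while the three-server NS reply reaches 1172 bytes with signatures and 707 bytes even without them, which is the case where TCP or a larger UDP limit becomes necessary.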
