On May 28, 2009, at 5:47 AM, Alessandro Vesely wrote:
> I don't trust the data because it is signed, I trust it because the
> signature proves that it originated from the authoritative server.
Not quite. The signature over the data proves that the holder of the
private key has signed the data. The origin of that data then becomes
irrelevant.
> Therefore, if I'm connected with the authoritative server over a
> trusted channel, I can trust the data even if it isn't signed.
Not really. You are relying on the fact that the authoritative server
and (potentially) the channels it uses to communicate to the
originator of the data have not been compromised.
> By induction, if a resolver only uses either signed data or trusted
> channels, I can trust it.
A trusted channel is superfluous when the data is signed.
> The limitations in TCP or SCTP security stem from an attacker's
> ability to compromise one or more routers, so as to either tamper
> with the packets on the fly, or redirect them to some other host.
> That's much more difficult than forging the source address of a UDP
> packet, though.
True, but object security removes even the residual risk of channel
compromise (e.g., a compromised router).
However, pragmatically speaking, I suspect it is going to be much,
much easier to get DNSSEC deployed than it would be to get every
router/firewall/NAT manufacturer and network operator to support/
deploy SCTP, not to mention getting every DNSSEC server to support DNS
over SCTP.
Regards,
-drc
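The distinction drc draws above (a signature binds the data to the holder of the private key, so the path the data took no longer matters) is easy to see in code. The following Go program is an added illustration, not code from the thread or from any DNSSEC implementation: it uses a simplified, constructed record format and a single Ed25519 zone key in place of real RRSIG/DNSKEY handling. The resolver-side check takes only the record, the signature and the zone's public key; it knows nothing about routers or channels, and an on-path modification of the record makes the check fail.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Record is a constructed, simplified stand-in for a DNS resource record.
// Real DNSSEC signs canonical RRsets with RRSIG records; this is only a sketch.
type Record struct {
	Name  string
	Type  string
	TTL   uint32
	RData string
}

// canonical serialises a Record into the exact byte string that is signed.
// Every field is covered, so changing any of them invalidates the signature.
func canonical(r Record) []byte {
	buf := []byte(r.Name + "\x00" + r.Type + "\x00")
	var ttl [4]byte
	binary.BigEndian.PutUint32(ttl[:], r.TTL)
	buf = append(buf, ttl[:]...)
	return append(buf, []byte(r.RData)...)
}

// SignRecord is what the holder of the zone's private key does (object security).
func SignRecord(priv ed25519.PrivateKey, r Record) []byte {
	return ed25519.Sign(priv, canonical(r))
}

// VerifyRecord is the validating resolver's check. It needs no knowledge of
// which server or channel delivered the record: only the zone's public key.
func VerifyRecord(pub ed25519.PublicKey, r Record, sig []byte) bool {
	return ed25519.Verify(pub, canonical(r), sig)
}

// DemoResult records the outcome of the three checks run by Demo.
type DemoResult struct {
	Valid    bool // untouched record, correct zone key: must be true
	Tampered bool // record modified in transit: must be false
	WrongKey bool // record signed by some other zone's key: must be false
}

// Demo signs a constructed record and runs it through the resolver-side
// check in the authentic, tampered and wrong-key cases.
func Demo() (DemoResult, error) {
	var res DemoResult
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return res, err
	}
	// Sample record (constructed); 192.0.2.0/24 is documentation address space.
	rec := Record{Name: "www.example.", Type: "A", TTL: 3600, RData: "192.0.2.1"}
	sig := SignRecord(priv, rec)
	res.Valid = VerifyRecord(pub, rec, sig)

	// Simulate the thread's "compromised router": the bytes are altered on the
	// wire but the signature travels with them unchanged.
	tampered := rec
	tampered.RData = "198.51.100.9"
	res.Tampered = VerifyRecord(pub, tampered, sig)

	// A signature made with a key the resolver does not trust for this zone
	// is rejected too, regardless of how "trusted" the delivery channel was.
	otherPub, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return res, err
	}
	_ = otherPub
	res.WrongKey = VerifyRecord(pub, rec, SignRecord(otherPriv, rec))
	return res, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("authentic record verifies: %v\n", res.Valid)
	fmt.Printf("tampered record verifies:  %v\n", res.Tampered)
	fmt.Printf("wrong-key record verifies: %v\n", res.WrongKey)
}
```

The point the program makes is the one drc states: once the resolver has the zone's public key, a correct signature is sufficient and a trusted channel is superfluous, while a trusted channel without a signature leaves the resolver relying on every hop and host between it and the data's originator being intact.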
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf